(57) In a cryptographic method and equipment and a decrypting method and equipment according to the invention, the auxiliary code depending upon a randomly determined numeric key and the result of encryption is included together with the result of encryption into a cryptogram. On decrypting, a cryptographic key is restored by using the numeric key restored according to the entire cryptogram and is utilized in the decryption. On the other hand, in another cryptographic method and equipment and another decrypting method and equipment according to the invention, on encrypting, physical characteristic information is scrambled and then encrypted. On decryption, conversely, the result of decryption is descrambled. In these cryptographic methods and equipment, together with the decryption methods and equipment, any small alteration made to the cryptogram causes serious damage to the result of decryption. So, by applying these techniques to sending and receiving the physical characteristic information, their safety can be improved. On the other hand, in a remote identification system according to the invention, by encrypting the physical characteristic information by using a password as a cryptographic key, because of the fluctuation of the physical characteristic information, authenticating information represented as a different bit pattern at each identifying processing can be generated and sent to a transmission medium. So, by examining the equivalence between the result of decryption of the authenticating information and the registered reference information while considering the aforementioned fluctuation, the person can be reliably identified.
Description

[0001] The present invention relates to encryption/decryption methods and equipment adapted for physical characteristic information such as fingerprints, voiceprints, palm patterns, facial appearances, or signatures representing a characteristic inherent to an individual, and to remote identification systems for identifying a person through a network according to the physical characteristic information.

[0002] The fingerprints, voiceprint, iris patterns or the like are characteristics inherent to an individual and are invariable for the life of the individual so that they are excellent as information for identifying a person and are utilized in various identification systems such as an admission controlling system.

[0003] As information-related devices such as personal computers spread, on the other hand, a variety of information is vigorously sent and received through a network between end users, enhancing the importance of commerce through the network and transmissions of documents.

[0004] In order to perform commerce and exchanges of important documents properly through the network, a technique has been needed for sending and receiving information by which the parties prove themselves to each other through the network and for identifying each other reliably. So the physical characteristic information has been noted as the information for identifying the persons.

[0005] Fig. 15 is a diagram showing a construction of a remote identification system of the prior art through a network.

[0006] The remote identification system shown in Fig. 15 is constructed such that a client-side identification equipment 410 sends authenticating information through the network, and such that a server-side identification equipment 420 identifies the person of the client-side identification equipment 410, according to the result of comparison between the received authenticating information and the registered authenticating information.

[0007] When a personal computer communication service is utilized, for example, the end user's personal computer is the client-side identification equipment, and the host computer of a service provider is the server-side identification equipment.

[0008] In this case, according to a user's ID and a password inputted through a keyboard 411, the authenticating information is generated by a request controlling part 412 and is sent to the network by a transmission controlling part 413.

[0009] At this time, the aforementioned password is encrypted by an encrypting part 414, and this encrypted password is used in the request controlling part 412 to generate the authenticating information so that the password can be safely transferred through the network to the server-side identification equipment 420.

[0010] In the server-side identification equipment 420 shown in Fig. 15, the aforementioned encrypted password is received by a transmission controlling part 422 and transferred to a decrypting part 421. Accordingly, the decrypting part 421 decrypts the encrypted password and transfers the password to an identification controlling part 423.

[0011] On the other hand, the aforementioned user's ID is received by the transmission controlling part 422 and then transferred to the identification controlling part 423. According to this user's ID, the identification controlling part 423 retrieves the registered password from a password database 424, and compares this password with the password restored by the decrypting part 421.

[0012] In this case, if the restored password and the registered password match each other, the identification result confirming the identity is reported to the client-side identification equipment 410 by the transmission controlling part 422. Accordingly, the request controlling part 412 generates a message indicating the identification result and informs the person, by a display (CRT) 415, of the fact that the permission was acknowledged.

[0013] As shown in Fig. 15, on the other hand, the encrypting part 414 may encrypt the password by using the current time on the system, as received from a digital timing unit 416, and the decrypting part 421 may decrypt the encrypted password by using the current time on the system, as received from a digital timing unit 425.

[0014] In this case, the password inputted by the person can be converted into a different cryptogram each time so that it can be safely sent and received through the network.

[0015] In this remote identification system, the inputted password is the information for identifying the person so that the password has to be properly managed by each person so as to identify the person reliably to exclude others.

[0016] On the other hand, the physical characteristic information is inherent to an individual and is excellent as one for the identification so that it is utilized as the authenticating information for the persons in the admission controlling system, for example.

[0017] Fig. 16 is a diagram showing an example of the construction of the identification system utilizing the physical characteristic information.

[0018] Fig. 16 shows the case in which the information representing a feature of a fingerprint is used as the physical characteristic information. This identification system is constructed to include a fingerprint reader 430 and fingerprint identification equipment 440.

[0019] In this identification system, the fingerprint reader 430 acquires the information featuring the fingerprint of a person being present at the site as a series of numeric data and inputs the aforementioned information to the fingerprint identification equipment 440 through an identification controlling part 401.

[0020] A set of numeric data representing the feature of a fingerprint will be referred to as the "fingerprint data".

[0021] In the fingerprint reader 430 shown in Fig. 16, a feature extracting part 431 receives the image data read by an image inputting part 432, and extracts the feature of the fingerprint appearing in that image.

[0022] The features, as extracted by the feature extracting part 431, are arrayed according to a predetermined format by a fingerprint data generating part 433, and the fingerprint data thus generated are transferred to the identification controlling part 401.

[0023] In the fingerprint identification equipment 440 shown in Fig. 16, a fingerprint database 441 is registered with the user's ID given to an individual having an admission and fingerprint data (hereunder referred to as "reference data") obtained by measuring the related individuals. On the other hand, the user's ID inputted from a keyboard 402 is transferred to a fingerprint data retrieving part 442 by the identification controlling part 401, so that the related fingerprint data are retrieved from the aforementioned fingerprint database 441 by the fingerprint data retrieving part 442 based on that user's ID and subjected to the processing of a verifying part 444.

[0024] Here, the numeric data obtained by measuring the physical characteristic information including fingerprints generally fluctuate at each measurement by the condition for the measurement.

[0025] By the pressure to be applied to a finger when the finger is pushed to the image inputting part 432, the temperature of the finger or the ambient humidity, for example, the image data to be read change in a subtle way. Accordingly, the patterns of ridge flows in an image of the fingerprint and the distributions of the ridge points or the ridge bifurcations fluctuate.

[0026] According to the recognition rate required, therefore, the verifying part 444 decides whether or not the inputted fingerprint data belong to the eligible person, depending upon whether or not components in a predetermined area of the inputted fingerprint data are equivalent to the components in the corresponding area of the reference data.

[0027] Fig. 17 is a diagram for explaining a processing for comparing the physical characteristic information.

[0028] For an application to allow a misidentification of about one to one hundred, for example, the verifying part 444 may compare a limited portion of the inputted fingerprint data with the reference data, as illustrated as an observing area in Fig. 17A, and may inform the identification controlling part 401 whether or not the variance of all the components contained in the observing area is within a predetermined allowable range.

[0029] If the variance between the individual components of the reference data and the individual components of the inputted fingerprint data is within the allowable range in the hatched area of Fig. 17A, for example, the verifying part 444 informs the identification controlling part 401 of the fact that the inputted fingerprint data and the reference data are equivalent.

[0030] In response to this, the identification controlling part 401 may identify the person, have a displaying part 403 display that the person is admitted, and perform the necessary controls such as unlocking the door by utilizing the function of the admission controlling part 404.

[0031] If the variance of a portion of the components included in the aforementioned observing area exceeds the allowable range, as illustrated in Fig. 17B, the verifying part 444 may inform that the reference data and the inputted fingerprint data are not equivalent. In response to this, the identification controlling part 401 may perform the controls necessary for denying the admission of the person.

[0032] Here, if the fingerprint data are recognized by using the relatively narrow area as the observing area, as illustrated in Fig. 17A, a misidentification of about one to one hundred may occur, but the possibility of excluding the person can be lowered even if the condition for measuring the fingerprint data is poor.

[0033] For an application requiring a misidentification of about one to ten thousand, on the other hand, most of the fingerprint data has to be confined in the observing area, as illustrated in Fig. 17C.

[0034] In this case, the possibility of the misidentification can be lowered, but the possibility that even a person entitled to be admitted is denied because of slight dirt on the fingertip will rise. This is because the wider the observing area, the larger the possibility that the variance between the individual components of the inputted fingerprint data and the individual components of the reference data may exceed the allowable range.

[0035] As the technique for transmitting the information safely through the network, there was already practiced the RSA algorithm for realizing the public key system or the DES (Data Encryption Standard) method applying the common key system.

[0036] The DES method is a cryptographic method for dividing the information to be encrypted into blocks of a unit of 64 bits and for converting the individual blocks by combining a substitution cipher and a transposition cipher in a complicated manner. The DES method is called the "block encryption" because the conversion unit is the block.

[0037] In the aforementioned remote identification system of the prior art, the password or the information for providing the identity is basically left to the management of an individual.

[0038] In order to block the plagiarism of the password, on the other hand, it is required that the password have a sufficient length, be a meaningless string of characters and be frequently changed. This makes it difficult for the individual to manage the password properly.

[0039] This is because a person finds it difficult to memorize the meaningless string of characters or symbols, and because the necessity of frequent change is too heavy a burden for the person.

[0040] As a matter of fact, most users register passwords that can be easily inferred from personal information open to the public or from the kind of information they prefer to access, write the password down and carry the memorandum, or forget to change the password for a long time.

[0041] In the remote identification system using only the password as the information for identifying the person, therefore, it is difficult to ensure the safety necessary for the e-commerce or for sending and receiving the important information.

[0042] By introducing the remote identification system using the physical characteristic information in place of the password as the information for the identification, it is possible to block fraudulent access. So important information can be sent and received safely through the network.

[0043] Fig. 18 shows an example of the construction of the remote identification system utilizing the physical characteristic information.

[0044] In the client-side identification equipment 410 shown in Fig. 18, the fingerprint data obtained by the fingerprint reader 430 are encrypted by the encrypting part 414, and the obtained cryptogram is sent in place of the password to the network by the transmission controlling part 413.

[0045] This cryptogram is received by the transmission controlling part 422 provided in the server-side identification equipment 420 and is then transferred to the decrypting part 421 by the identification controlling part 401. In response to this, the decrypting part 421 decrypts the aforementioned cryptogram to restore the original fingerprint data, which are transferred together with the user's ID to the fingerprint identification equipment 440.

[0046] Premising that the physical characteristic information contains fluctuations and noises, when exactly the same physical characteristic information as the previously inputted one is inputted, that physical characteristic information is judged to have been plagiarized. Then, the attack using the plagiarized authenticating information can be blocked, making it possible to send and receive the information more safely.

[0047] The attack to break the protection of the remote identification system by using the plagiarized authenticating information will be referred to as a "replay attack".

[0048] Here will be described an example of the remote identification system that takes this replay attack into account.

[0049] In the remote identification system shown in Fig. 18, the replay attack is partially blocked by storing the fingerprint database 441 with not only the reference data related to each user's ID but also the registered fingerprint data that is previously inputted, by comparing the inputted fingerprint data with the reference data and the registered fingerprint data by a comparing part 445 provided in a verifying part 444, and by subjecting the result of comparison to the processing of a fraud detecting part 446 and of a recognizing deciding part 447.

[0050] Here, according to the comparison result received from the comparing part 445, the fraud detecting part 446 shown in Fig. 18 decides whether or not all the numeric data comprising the inputted fingerprint data and the corresponding numeric data of the reference data or the registered fingerprint data completely match, and informs, if they match, the recognizing deciding part 447 of the detection of the replay attack.

[0051] According to the comparison result received from the comparing part 445, on the other hand, the recognizing deciding part 447 decides whether or not the variance between the individual components of the inputted fingerprint data and the individual components of the reference data is within a predetermined allowable range, and further whether or not the inputted fingerprint data belong to the eligible person, according to the decision result and the detection result of the fraud detecting part 446, and informs this result of decision as the result of recognition to the identification controlling part 401.

[0052] In this case, the conditions necessary for identifying a person are that the inputted fingerprint data are equivalent to the reference data over the area covering the observing area, as illustrated in Fig. 17A, and that all the numeric data comprising the inputted fingerprint data are not completely equal to the corresponding numeric data contained in the reference data or the registered fingerprint data.

[0053] Here, the cryptographic technique of the prior art, as represented by the aforementioned DES method, regards the difficulty at the time of restoring the original information from the cryptogram as important, and converts the original information by a complicated cryptographic algorithm. This makes it seriously difficult to decrypt the encrypted physical characteristic information to obtain the original physical characteristic information.

[0054] Since the physical characteristic information itself is inherent to each person, on the other hand, the information is extremely difficult to plagiarize or forge so long as it is properly managed.

[0055] Since the process for the encrypted physical characteristic information to be transmitted through the network has almost no protection, however, it is relatively easy to acquire that information fraudulently.

[0056] When the encrypted physical characteristic information fraudulently acquired by the wiretapping method or the like is utilized as it is, it can naturally be excluded as the replay attack, as has been described above.

[0057] When the fraudulently acquired encrypted physical characteristic information is partially altered, however, the decrypted physical characteristic information may satisfy the conditions necessary for identification described above by the influence of the alteration upon the decrypted physical characteristic information.

[0058] This is because the fingerprint data encrypted by the aforementioned encrypting part 414 using a block encrypting method such as the DES method are decrypted block by block, as in the encryption, by the decrypting part 421, so that the influence of the alteration of the encrypted physical characteristic information is exerted only locally on the portion which is obtained by decrypting the altered portion, but not on the other portion.

[0059] As illustrated in Fig. 19, therefore, pseudo fluctuations can be synthesized in the decrypted fingerprint data by fraudulently acquiring the encrypted fingerprint data in the network and by altering a portion (as hatched in Fig. 19) of the encrypted fingerprint data to input as new authenticating information.

[0060] When a portion of the encrypted fingerprint data derived from the portion other than the observing area is altered, as illustrated in Fig. 19, the fingerprint data obtained by the decrypting part 421 differ from the original fingerprint data in the decryption result of the altered portion but are completely equivalent in the observing area to the original fingerprint data.

[0061] In other words, the decryption result obtained from the altered encrypted fingerprint data is equivalent over the observing area to the reference data but does not completely match either the reference data or the registered fingerprint data.

[0062] In this case, the variance, caused in the decryption result by altering the encrypted fingerprint data, from the original fingerprint data is regarded as the fluctuations of the fingerprint data by the recognizing deciding part 447, and the fraudulent attack using the altered encrypted fingerprint data may be allowed.

[0063] Therefore, a simple application of the cryptographic technique of the prior art could not enable a system that identifies persons by sending and receiving the physical characteristic information through the network to achieve the improvement in security which is expected from utilizing the physical characteristic information.

[0064] It is desirable to provide an elementary technique capable of restoring original physical characteristic information so as to block attacks against the security system by re-utilizing encrypted information.

[0065] It is also desirable to provide an identification system utilizing the authenticating information generated according to the physical characteristic information.

[0066] According to one aspect of the present invention there is provided a cryptographic method comprising the steps of: receiving physical characteristic information representing a characteristic inherent to an individual; randomly determining a numeric key; generating a cryptographic key from said numeric key and a predetermined primary key; encrypting said physical characteristic information using said cryptographic key; and generating an auxiliary code for decrypting said cryptographic key, from the encrypted physical characteristic information and said numeric key.

[0067] In this cryptographic method, the auxiliary code depends upon the encrypted physical characteristic information. Therefore, the cryptographic key to be restored according to the auxiliary code necessarily depends upon the physical characteristic information. So by forming a cryptogram from the encrypted physical characteristic information and the auxiliary code, the cryptographic key to be utilized for decrypting the encrypted physical characteristic information depends upon the entire cryptogram.

[0068] According to another aspect of the present invention there is provided a decryption method comprising the steps of: receiving encrypted physical characteristic information and an auxiliary code; restoring a numeric key from said received data; restoring a cryptographic key from said numeric key and a predetermined primary key; and decrypting said encrypted physical characteristic information by using said cryptographic key and obtaining physical characteristic information. In this decryption method, the original physical characteristic information can be restored by decrypting the encrypted physical characteristic information obtained by the aforementioned cryptographic method, using the cryptographic key assumed to be used in encrypting physical characteristic information.

[0069] According to another aspect of the present invention there is provided a cryptographic equipment comprising: an inputting section for inputting physical characteristic information representing a characteristic inherent to an individual; a numeric key generating section for randomly determining a numeric key; a key generating section for generating a cryptographic key from said numeric key and a predetermined primary key; an encrypting section for encrypting said physical characteristic information using said cryptographic key; and a code generating section for generating an auxiliary code from said encrypted physical characteristic information and said numeric key.

[0070] In this cryptographic equipment, as reasoned in the aforementioned description on the cryptographic method, the cryptogram capable of restoring the original physical characteristic information can be generated only when decrypted by using the cryptographic key depending upon the entire cryptogram, by forming the cryptogram from encrypted physical characteristic information and the auxiliary code.
[0071] According to another aspect of the present invention there is provided a decrypting equipment comprising: a receiving section for receiving encrypted physical characteristic information and an auxiliary code; a numeric key restoring section for restoring a numeric key from said encrypted physical characteristic information and said auxiliary code; a key generating section for generating a cryptographic key from said numeric key and a predetermined primary key; and a decrypting section for decrypting said encrypted physical characteristic information by using said cryptographic key.

[0072] In this decrypting equipment, the cryptographic key to be used for the decryption is generated according to the depending relationship between the encrypted physical characteristic information and the auxiliary code. Therefore, the cryptographic key used for encrypting the physical characteristic information can be restored, and then the original physical characteristic information can be restored by the decrypting processing of the decrypting section only when no alteration is applied to the received data.
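
The dependency described in [0066] to [0072], set beside the block-local behaviour of [0058] to [0062], as an added example that is not part of the patent text. The patent does not give the key-derivation or auxiliary-code functions at this point, so HMAC-SHA-256, the XOR of the numeric key with a SHA-256 digest of the encrypted data, the toy block-wise cipher, the observing area, the tolerance and the sample data are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 8                 # 64-bit blocks, the DES block size cited on this page
OBSERVING = slice(0, 16)  # assumed observing area: the first 16 components
TOLERANCE = 2             # assumed allowable variance per component


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def crypt_blocks(data, key):
    """Toy stand-in for a block cipher: every block is converted independently
    of the others. XOR pads make it its own inverse. Not a real cipher."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        pad = hashlib.sha256(key + (i // BLOCK).to_bytes(4, "big")).digest()
        out += _xor(data[i:i + BLOCK], pad)
    return bytes(out)


def derive_key(numeric_key, primary_key):
    """Cryptographic key from the numeric key and the predetermined primary key
    (HMAC-SHA-256 is an assumption, not the patent's function)."""
    return hmac.new(primary_key, numeric_key, hashlib.sha256).digest()


def _digest(encrypted):
    return hashlib.sha256(encrypted).digest()[:16]


def encrypt(info, primary_key):
    numeric_key = secrets.token_bytes(16)        # randomly determined numeric key
    encrypted = crypt_blocks(info, derive_key(numeric_key, primary_key))
    aux = _xor(numeric_key, _digest(encrypted))  # depends on ciphertext and numeric key
    return encrypted, aux


def decrypt(encrypted, aux, primary_key):
    numeric_key = _xor(aux, _digest(encrypted))  # restored from the entire cryptogram
    return crypt_blocks(encrypted, derive_key(numeric_key, primary_key))


def prior_art_accepts(candidate, reference, registered):
    """Conditions of [0052]: equivalent to the reference over the observing
    area, and not an exact copy of the reference or registered data."""
    within = all(abs(c - r) <= TOLERANCE
                 for c, r in zip(candidate[OBSERVING], reference[OBSERVING]))
    return within and candidate != reference and candidate != registered


def flip_bit(data, index):
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]


def count_diff(a, b):
    return sum(x != y for x, y in zip(a, b))


def demo():
    primary = b"constructed primary key"
    # Constructed sample standing in for fingerprint data; for brevity the
    # captured transmission is taken to equal the reference data.
    reference = bytes((7 * i) % 251 for i in range(64))

    # Prior art: fixed key, no auxiliary code. Alter byte 40, outside the
    # observing area, and decrypt.
    fixed = crypt_blocks(reference, primary)
    local = crypt_blocks(flip_bit(fixed, 40), primary)

    # Method of [0066]: the same alteration changes the restored numeric key.
    encrypted, aux = encrypt(reference, primary)
    garbled = decrypt(flip_bit(encrypted, 40), aux, primary)
    garbled_aux = decrypt(encrypted, flip_bit(aux, 0), primary)

    return {
        "roundtrip_ok": decrypt(encrypted, aux, primary) == reference,
        "fixed_key_changed": count_diff(local, reference),
        "fixed_key_accepted": prior_art_accepts(local, reference, reference),
        "bound_changed": count_diff(garbled, reference),
        "bound_accepted": prior_art_accepts(garbled, reference, reference),
        "aux_altered_accepted": prior_art_accepts(garbled_aux, reference, reference),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the fixed key the alteration stays in one component and the result still meets the conditions of [0052]; with the auxiliary code the same alteration, or an alteration of the auxiliary code itself, garbles the whole decryption so the comparison over the observing area fails.
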
[0073] According to another aspect of the present invention there is provided a storage medium storing a program to be executed by a computer, the program comprising: an inputting procedure for inputting physical characteristic information representing a characteristic inherent to an individual; a numeric key generating procedure for randomly determining a numeric key; a key generating procedure for generating a cryptographic key from said numeric key and a predetermined primary key; an encrypting procedure for encrypting said physical characteristic information using said cryptographic key; and a code generating procedure for generating an auxiliary code from said encrypted physical characteristic information and said numeric key.

[0074] By using this storage medium storing such a program, the depending relationship can be established between the auxiliary code and the encrypted physical characteristic information. Therefore, the restoration of the original physical characteristic information can be assured, so long as the combination between the encrypted physical characteristic information and the auxiliary code is subjected as it is to the decrypting processing, but the restoration can be blocked when the encrypted physical characteristic information or the auxiliary code is altered.

[0075] According to another aspect of the present invention there is provided a storage medium storing a program to be executed by a computer, the program comprising: a receiving procedure for receiving a cryptogram including encrypted physical characteristic information and an auxiliary code; a numeric key restoring procedure for restoring a numeric key from said encrypted physical characteristic information and said auxiliary code; a key generating procedure for generating a cryptographic key from said numeric key and a predetermined primary key; and a decrypting procedure for decrypting said encrypted physical characteristic information by using said cryptographic key.

[0076] By using this storage medium storing such a program, the cryptographic key used in the encrypting processing can be restored by utilizing the depending relationship between the encrypted physical characteristic information and the auxiliary code, and then the original physical characteristic information can be restored through the first decrypting procedure.
[0077] According to another aspect of the present invention there is provided a cryptographic method comprising the steps of: receiving physical characteristic information representing a characteristic inherent to an individual; arithmetically converting each component of said physical characteristic information by using a predetermined function concerning said each component and a plurality of components having a predetermined relationship with said each component, to scramble said physical characteristic information; and encrypting the scrambled physical characteristic information by using the predetermined cryptographic key.

[0078] By reflecting the contents of a plurality of blocks having the predetermined relationships with each block which are components comprising the physical characteristic information, upon the result of encryption obtained for each block, according to the cryptographic method, the depending relationship can be established between each block of the encrypted physical characteristic information and a plurality of blocks comprising the physical characteristic information, irrespective of the length of each unit of process in the encryption.

[0079] According to another aspect of the present invention there is provided a decryption method comprising the steps of: receiving a cryptogram which is an encryption of scrambled physical characteristic information; decrypting said cryptogram by using the predetermined cryptographic key and obtaining said scrambled physical characteristic information; and descrambling said scrambled physical characteristic information by removing each element from each component constructing the result of decryption, in which each element is effected at the time of scrambling, by a plurality of components that has a predetermined relationship with said each component.

[0080] In this decryption method, when the cryptogram generated by the encrypting processing is received as it is, the result of decryption can be descrambled to restore the original physical characteristic information.

[0081] When the cryptogram is altered, on the other hand, the block obtained by decrypting the altered portion is different from that to be intrinsically obtained. This difference influences the descrambled result over a plurality of blocks having a depending relationship with such block, so that the original physical characteristic information cannot be restored irrespective of the length of each unit of processing in the decryption.

[0082] According to another aspect of the present 
invention there is provided a cryptographic equipment 
comprising: an inputting section for inputting physical 
characteristic information representing a characteristic 
inherent to an individual; a scrambling section for
arithmetically converting each component of said physical
characteristic information by using a predetermined 
function concerning said each component and a plural- 
ity of components having a predetermined relationship 
with said each component, to scramble said physical 
characteristic information; and an encrypting section for 
encrypting the scrambled physical characteristic infor- 
mation by using the predetermined cryptographic key. 
[0083] In this cryptographic equipment, there can 
be obtained the cryptogram, in which each block com- 
prising the cryptogram depends upon the information 
included in a plurality of blocks comprising the physical 
characteristic information. Therefore, the restoration of 
the original physical characteristic information can be 
assured, as long as the cryptogram is subjected as it is 
to the decrypting processing, but the restoration can be 
blocked if the cryptogram is altered even partially. 
[0084] According to another aspect of the present 
invention there is provided a decrypting equipment 
comprising: a decrypting section for decrypting a 
received cryptogram which is an encryption of a scram- 
bled physical characteristic information, by a predeter- 
mined cryptographic key and obtaining said scrambled 
physical characteristic information and a descrambling 
section for descrambling said scrambled physical char- 
acteristic information. 

[0085] In this decrypting equipment, when the cryp- 
togram sent by the cryptographic equipment is received 
as it is, the original physical characteristic information 
can be restored by descrambling the result of decryp- 
tion. 

[0086] When the cryptogram is altered, on the other 
hand, the block obtained by decrypting the altered por- 
tion is different from that to be intrinsically obtained. 
Because this difference influences the descrambled 
result over a plurality of blocks having a depending rela- 
tionship with such block, the original physical character- 
istic information cannot be restored irrespective of the 
length of each unit of processing in the decryption. 
[0087] According to another aspect of the invention 
there is provided a storage medium storing a program to 
be executed by a computer, the program comprising: an 
inputting procedure for inputting physical characteristic 
information representing a characteristic inherent to an 
individual; a scrambling procedure for arithmetically 
converting each component of said physical character- 
istic information by using a predetermined function con- 
cerning said each component and a plurality of 
components having a predetermined relationship with 
said each component, to scramble said physical charac- 
teristic information; and an encrypting procedure for 
encrypting the scrambled physical characteristic infor- 
mation by using the predetermined cryptographic key. 
[0088] By using this storage medium storing such a
program, there can be obtained the result of encryption,
in which each block comprising the cryptogram
depends upon the information included in a plurality of
blocks comprising the physical characteristic information.
Therefore, the restoration of the original physical
characteristic information can be assured, as long as
the cryptogram is subjected as it is to the decrypting
processing, but the restoration can be blocked when the
cryptogram is altered even partially.

[0089] According to another aspect of the present
invention there is provided a storage medium storing a
program to be executed by a computer, the program
comprising: a decrypting procedure for decrypting a
received cryptogram which is an encryption of a scrambled
physical characteristic information, by a predetermined
cryptographic key and obtaining said scrambled
physical characteristic information and a descrambling
procedure for descrambling said scrambled physical
characteristic information.

[0090] By using this storage medium storing the
program, the scramble made on the result of decryption
can be descrambled to restore the original physical
characteristic information when the cryptogram generated
in the encrypting procedure is received as it is.
[0091] When the cryptogram is altered, on the other
hand, the block obtained by decrypting the altered portion
is different from that to be intrinsically obtained.
Because this difference influences the descrambled
result over a plurality of blocks having a depending
relationship with such block, the original physical
characteristic information cannot be restored irrespective
of the length of each unit of processing in the decryption.
[0092] According to another aspect of the present
invention there is provided a remote identification system
comprising a client-side equipment and server-side
equipment, said client-side equipment comprising
inputting means for inputting physical characteristic
information representing a characteristic inherent to an
individual; proof information inputting means for inputting
information including an identifier or identifying an
individual and a password; encrypting means for
encrypting said physical characteristic information using
said password as a cryptographic key and outputting a
cryptogram; and an outputting means for outputting
authenticating information generated from said cryptogram
and said identifier; said server-side equipment
comprising registering means for registering password
and reference data which is obtained by measuring a
physical characteristic corresponding to each individual,
relating to given identifier corresponding to each person;
receiving means for receiving authenticating information
consisting of said cryptogram and said identifier;
retrieving means for retrieving a relating password and
reference data from said registering means in accordance
to received identifier; decrypting means for
decrypting said received cryptogram by using the password
retrieved by said retrieving means as a cryptographic
key and obtaining a physical characteristic
information; and examining means for examining
whether or not said physical characteristic information
and retrieved reference data are equivalent.
[0093] In this remote identification system, the
authenticating information containing the encrypted
physical characteristic information represented by bit
patterns different for each identifying processing can be
generated and sent to the server-side equipment. When
this authenticating information is transmitted as it is, in
the server-side equipment, the information on physical
characteristic inputted in the client-side equipment for
identification is restored. And then the identification can
be reliably made by examining the equivalency between
the restored physical characteristic information and the
registered reference data by the examining section
while considering the fluctuation of the physical
characteristic information.

[0094] The invention also provides computer programs
as described above in any of the storage medium
aspects of the invention.

[0095] Preferred features of the present invention 
will now be described, purely by way of example, with 
reference to the accompanying drawings, in which:- 

Fig. 1 is a diagram illustrating the principles of a
cryptographic method and a decrypting method
according to one of the preferred embodiments of
the invention;

Fig. 2 is a block diagram illustrating the principles of
a cryptographic equipment and a decrypting equipment
according to one of the preferred embodiments
of the invention;

Fig. 3 is a diagram illustrating the principles of a
cryptographic method and a decrypting method
according to one of the preferred embodiments of
the invention;

Fig. 4 is a block diagram illustrating the principles of
a cryptographic equipment and a decrypting equipment
according to one of the preferred embodiments
of the invention;

Fig. 5 is a block diagram illustrating the principle of
an identification system according to one of the
preferred embodiments of the invention;

Fig. 6 is a diagram showing a first embodiment of
the invention;

Fig. 7 is a flow chart showing the operations of the
first embodiment of the invention;

Fig. 8 is a diagram for explaining the operations of
the first embodiment of the invention;

Fig. 9 is a diagram showing a second embodiment
of the invention;

Fig. 10 is a diagram for explaining an effect of
scrambling;

Fig. 11 is a diagram for explaining an effect of
preventing analysis of a processing for recognition on
physical characteristic information;

Fig. 12 is a diagram for explaining effect of preventing
structural analysis in terms of physical characteristic
information;

Fig. 13 is a diagram showing a third embodiment of
the invention;

Fig. 14 is a diagram for explaining a fraudulent
access blocking;

Fig. 15 is a diagram showing an example of the
construction of a remote identification system of the
prior art;

Fig. 16 is a diagram showing an example of the
construction of the identification system of the prior
art, utilizing the physical characteristic information;

Fig. 17 is a diagram for explaining the comparing
processing on physical characteristics;

Fig. 18 is a diagram showing an example of the
construction of the remote identification system utilizing
the physical characteristic information; and

Fig. 19 is a diagram for explaining effects from
alterations of the physical characteristic information.

[0096] First of all, here will be described the princi- 
ples of a cryptographic method and a decrypting 
method, a cryptographic equipment and a decrypting 
equipment, and an identification system according to a 
preferred embodiment of the invention. 
[0097] Fig. 1A is a diagram illustrating the principle
of a cryptographic method according to one of the preferred
embodiments of the invention.
[0098] The cryptographic method, as shown in Fig.
1A, is constructed to include: a step (S11) of inputting
physical characteristic information; a step (S12) of
determining a numeric key; a step (S13) of generating a
cryptographic key; an encryption step (S14); and a step
(S15) of generating an auxiliary code.
[0099] The principle of the cryptographic method 
according to one of the preferred embodiments of the 
invention will be described in the following. 
[0100] In the inputting step (S11), the physical
characteristic information representing a characteristic
inherent to an individual is received. In the numeric key
determining step (S12), a numeric key is determined
randomly. In the cryptographic key generating step
(S13), the cryptographic key is generated from the
numeric key and a predetermined primary key. In the
encryption step (S14), the physical characteristic information
is encrypted by using the cryptographic key. In
the code generating step (S15), an auxiliary code is
generated from the encrypted physical characteristic
information and the numeric key.

[0101] The operations of the cryptographic method 
will be described in the following. 

[0102] At each encryption, according to the numeric
key determined at the numeric key determining step
(S12), the cryptographic key is generated at the
cryptographic key generating step (S13), and the physical
characteristic information inputted at the inputting step
(S11) is encrypted at the encryption step (S14) by using
that cryptographic key. According to the encrypted
physical characteristic information thus obtained and
the aforementioned numeric key, on the other hand, the
auxiliary code is generated at the code generating step
(S15).

[0103] Thus, a depending relationship is established
between the auxiliary code and the encrypted
physical characteristic information.
[0104] By providing the encrypted physical charac- 
teristic information and the auxiliary code for the 
decryption and by restoring the cryptographic key in the 
decryption according to the aforementioned auxiliary 
code, therefore, the decryption of the encrypted physi- 
cal characteristic information is carried out by the cryp- 
tographic key depending upon the encrypted physical 
characteristic information. 

[0105] Fig. 1B is a diagram illustrating the principle 
of the decrypting method according to one of the pre- 
ferred embodiments of the invention. 
[0106] The decrypting method, as shown in Fig. 1B,
includes a receiving step (S21), a numeric key restoring
step (S22), a cryptographic key restoring step (S23) and
a decrypting step (S24).

[0107] The principle of the decrypting method 
according to one of the preferred embodiments of the 
invention will be described in the following. 
[0108] In the receiving step (S21), an encrypted 
physical characteristic information and an auxiliary code 
are received as a cryptogram. In the numeric key restor- 
ing step (S22), a numeric key is restored from the 
encrypted physical characteristic information and the 
auxiliary code. Next, in the cryptographic key restoring 
step (S23), a cryptographic key is restored from the 
numeric key and a predetermined primary key. In the 
decrypting step (S24), the encrypted physical charac- 
teristic information is decrypted by using the crypto- 
graphic key and physical characteristic information is 
restored. 

[0109] The operations of the decrypting method will 
be described in the following. 

[0110] When the receiving step (S21) receives the 
encrypted physical characteristic information and the 
auxiliary code, the numeric key is restored at the 
numeric key restoring step (S22), and the cryptographic 
key is restored at the cryptographic key restoring step 
(S23) according to the numeric key and the primary key. 
It depends upon the propriety of the encrypted physical 
characteristic information whether or not the crypto- 
graphic key thus obtained is correct. Only when the 
proper encrypted physical characteristic information 
arrives, therefore, the original physical characteristic 
information can be restored at the restoring step (S24). 
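
The method of steps S11 to S15 and S21 to S24, as an added sketch that is not code from the patent. The SHA-256 key derivation, the SHAKE-256 XOR stream cipher, the 4-byte numeric key and the rule "auxiliary code = numeric key XOR hash of the ciphertext" are all assumptions, since this passage does not fix those functions; the sample data is constructed.

```python
import hashlib
import secrets

PRIMARY_KEY = b"constructed primary key"   # assumption: held in advance by both sides
NUMERIC_KEY_LEN = 4                         # assumption: 32-bit numeric key


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def generate_key(numeric_key, primary_key=PRIMARY_KEY):
    """S13 / S23: cryptographic key from the numeric key and the primary key."""
    return hashlib.sha256(primary_key + b"|" + numeric_key).digest()


def stream_cipher(key, data):
    """Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    The same call encrypts and decrypts."""
    return xor_bytes(data, hashlib.shake_256(key).digest(len(data)))


def ciphertext_mask(ciphertext):
    """Value that depends on every bit of the encrypted information."""
    return hashlib.sha256(b"aux" + ciphertext).digest()[:NUMERIC_KEY_LEN]


def encrypt(info, numeric_key=None):
    """S11 to S15: returns (encrypted information, auxiliary code)."""
    if numeric_key is None:
        numeric_key = secrets.token_bytes(NUMERIC_KEY_LEN)      # S12
    key = generate_key(numeric_key)                             # S13
    ciphertext = stream_cipher(key, info)                       # S14
    aux = xor_bytes(numeric_key, ciphertext_mask(ciphertext))   # S15
    return ciphertext, aux


def decrypt(ciphertext, aux):
    """S21 to S24: the key is rebuilt from the cryptogram itself."""
    numeric_key = xor_bytes(aux, ciphertext_mask(ciphertext))   # S22
    key = generate_key(numeric_key)                             # S23
    return stream_cipher(key, ciphertext)                       # S24


def flip_bit(data, index, bit=0):
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)


def damaged_bytes(a, b):
    return sum(x != y for x, y in zip(a, b))


# Constructed stand-in for 64 bytes of physical characteristic information.
SAMPLE_INFO = bytes((i * 37 + 11) % 256 for i in range(64))

if __name__ == "__main__":
    nk = b"\x01\x02\x03\x04"                     # fixed here only for repeatability
    ct, aux = encrypt(SAMPLE_INFO, nk)
    print("round trip ok:", decrypt(ct, aux) == SAMPLE_INFO)
    altered = flip_bit(ct, 10)
    # Same cipher with the correct key supplied directly: one byte is lost.
    plain = stream_cipher(generate_key(nk), altered)
    print("without auxiliary code:", damaged_bytes(SAMPLE_INFO, plain), "bytes damaged")
    # Key restored from the altered cryptogram: the whole result is garbled.
    print("with auxiliary code:", damaged_bytes(SAMPLE_INFO, decrypt(altered, aux)),
          "bytes damaged")
```

Decryption in this sketch never reports the alteration; it only returns unusable data, so the rejection happens where the restored information is compared with the registered reference.
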
[0111] Fig. 2A is a block diagram showing the prin- 
ciple of a cryptographic equipment according to one of 
the preferred embodiments of the invention. 
[0112] The cryptographic equipment, as shown in
Fig. 2A, is constructed to include physical characteristic
inputting section 111, numeric key determining section
112, key generating section 113, encrypting section
114, generating section 115 and combining section 116.
[0113] The principle of the cryptographic equipment
according to one of the preferred embodiments of the
invention will be described in the following.
[0114] The physical characteristic inputting section
111 inputs physical characteristic information representing
a characteristic inherent to an individual. The
numeric key determining section 112 determines a
numeric key randomly. The key generating section 113
generates a cryptographic key from the numeric key
and a predetermined primary key. The encrypting section
114 encrypts the inputted physical characteristic
information by using the cryptographic key. The code
generating section 115 generates an auxiliary code
from the encrypted physical characteristic information
and the numeric key.

[0115] The operations of the cryptographic equip- 
ment thus constructed will be described in the following. 
[0116] At each encryption, the numeric key is generated
by the numeric key determining section 112, and
this numeric key is used to generate the cryptographic
key by the key generating section 113. When the
encrypting section 114 performs the encryption by
using the cryptographic key, therefore, the physical
characteristic information inputted by the inputting section
111 is encrypted by using a one-time cryptographic
key. According to the encrypted physical characteristic
information thus obtained and the aforementioned
numeric key, on the other hand, the auxiliary code is
generated by the code generating section 115.

[0117] Thus, the auxiliary code is generated
according to the encrypted physical characteristic information
so that a depending relationship is established
between the auxiliary code and the encrypted physical
characteristic information.

[0118] So, when a cryptogram generated from the
encrypted physical characteristic information and auxiliary
code is subjected to decrypting processing, the
cryptographic key in the decryption is restored according
to the aforementioned auxiliary code. Therefore, the
decryption of the encrypted physical characteristic information
is performed by the cryptographic key depending
upon the encrypted physical characteristic
information.

[0119] Fig. 2B is a block diagram illustrating the
principle of a decrypting equipment according to one of
the preferred embodiments of the invention.
[0120] The decrypting equipment, as shown in Fig.
2B, is constructed to include receiving section 117,
numeric key restoring section 118, the key generating
section 113 and decrypting section 119.
[0121] The principle of the decrypting equipment 
according to one of the preferred embodiments of the 
invention will be described in the following. 

[0122] The receiving section 117 receives the
encrypted physical characteristic information and an
auxiliary code. The numeric key restoring section 118
restores a numeric key from the encrypted physical
characteristic information and the auxiliary code. The
key generating section 113 generates a cryptographic
key from the numeric key and a predetermined primary
key. The decrypting section 119 decrypts the encrypted
physical characteristic information by using the
cryptographic key.

[0123] The operations of the decrypting equipment 
thus constructed will be described in the following. 
[0124] According to the encrypted physical characteristic
information and the auxiliary code received
through the receiving section 117, the numeric key is
restored by the numeric key restoring section 118, and
the cryptographic key is generated by the key generating
section 113 according to the restored numeric key.
[0125] It depends upon the propriety of the
encrypted physical characteristic information whether or
not the cryptographic key thus obtained is correct. Only
when the proper encrypted physical characteristic information
arrives, therefore, the original physical characteristic
information can be restored by the decrypting
section 119.

[0126] On the other hand, an encryption program
according to one of the preferred embodiments of the 
invention is constructed to include an inputting proce- 
dure, a numeric key determining procedure, a crypto- 
graphic key generating procedure, an encrypting 
procedure and a code generating procedure. 
[0127] The principle of the encryption program 
according to one of the preferred embodiments of the 
invention will be described in the following. 
[0128] In the inputting procedure, physical charac- 
teristic information representing a characteristic inher- 
ent to an individual is inputted. In the numeric key 
determining procedure, a numeric key is randomly 
determined. In the key generating procedure, a crypto- 
graphic key is generated from the numeric key and a 
predetermined primary key. In the encrypting proce- 
dure, the inputted physical characteristic information is 
encrypted by using the cryptographic key. In the code 
generating procedure, an auxiliary code is generated 
according to the encrypted physical characteristic infor- 
mation and the numeric key. 

[0129] The operations of the encryption program 
thus constructed will be described in the following. 
[0130] The numeric key obtained by the numeric 
key determining procedure is used to generate the one- 
time cryptographic key by the key generating procedure, 
and the physical characteristic information inputted in 
the inputting procedure is encrypted in the encrypting 
procedure by the aforementioned cryptographic key. In 
the code generating procedure, on the other hand, the 
auxiliary code is generated according to the encrypted 
physical characteristic information and the aforemen- 
tioned numeric key. 

[0131] Thus, a depending relationship is estab- 
lished between the auxiliary code and the encrypted 
physical characteristic information. The restoration of 
the original physical characteristic information is 
assured, so long as the encrypted physical characteris- 
tic information and the auxiliary code are subjected as 
they are to the decrypting processing, but is completely 
impossible according to the alteration of the encrypted 
physical characteristic information or the auxiliary code. 



[0132] On the other hand, a decryption program
according to one of the preferred embodiments of the
invention is constructed to include a receiving procedure,
a numeric key restoring procedure, a key generating
procedure and a decrypting procedure.

[0133] The principle of the decryption program 
according to one of the preferred embodiments of the 
invention will be described in the following. 
[0134] In the receiving procedure, a cryptogram
including the encrypted physical characteristic information
and an auxiliary code is received. In the numeric
key restoring procedure, a numeric key for the generation
of a cryptographic key is restored according to the
encrypted physical characteristic information and the
auxiliary code. In the key generating procedure, a
cryptographic key is generated according to the numeric key
and a predetermined primary key. In the decrypting
procedure, the encrypted physical characteristic information
is decrypted by using the cryptographic key.

[0135] The operations of the decryption program
thus constructed will be described in the following.
[0136] According to the encrypted physical characteristic
information and the auxiliary code received in
the receiving procedure, the numeric key is restored by
the numeric key restoring procedure, and the cryptographic
key is generated by the key generating procedure
according to the numeric key.
[0137] By utilizing a depending relationship
between the encrypted physical characteristic information
and the auxiliary code, therefore, the cryptographic
key used in the encryption can be restored and subjected
to the decrypting procedure only when both the
encrypted physical characteristic information and the
auxiliary code are correct.

[0138] Fig. 3A shows the principle of a cryptographic
method according to one of the preferred
embodiments of the invention.

[0139] The cryptographic method, as shown in Fig.
3A, is constructed to include an inputting step (S31), a
scrambling step (S32) and an encrypting step (S33).
[0140] The principle of the cryptographic method 
according to one of the preferred embodiments of the 
invention will be described in the following. 
[0141] In the receiving step (S31), a physical
characteristic information representing a characteristic
inherent to an individual is received. In the scrambling
step (S32), each component comprising the physical
characteristic information is arithmetically converted by
using a predetermined function concerning the each
component and a plurality of components having a
predetermined relationship with the each component, so
that the physical characteristic information is scrambled.
In the encrypting step (S33), the scrambled physical
characteristic information is encrypted by using a
predetermined cryptographic key.

[0142] The operations of the cryptographic method 
thus constructed will be described in the following. 
[0143] The physical characteristic information
received at the receiving step (S31) is scrambled at the
scrambling step (S32) by using the predetermined function
and is encrypted at the encrypting step (S33).
[0144] In this case, therefore, the scrambled result
reflecting each unit information (hereunder referred to
as "block") comprising the original physical characteristic
information and a plurality of blocks having the
predetermined relationship with that block is subjected to
an encrypting processing at the encrypting step (S32).
[0145] On the encrypted result obtained for each
block comprising the physical characteristic information,
therefore, there are reflected the contents of a plurality
of blocks having the predetermined relationship with
that block.

[0146] Fig. 3B shows the principle of a decryption
method according to one of the preferred embodiments
of the invention.

[0147] The decryption method, as shown in Fig. 3B,
is constructed to include a receiving step (S41), a
decrypting step (S42) and a descrambling step (S43).
[0148] The principle of the decryption method 
according to one of the preferred embodiments of the 
invention will be described in the following. 
[0149] In the receiving step (S41), a cryptogram
which is an encryption of scrambled physical characteristic
information is received. In the decrypting step
(S42), the cryptogram is decrypted by using a predetermined
cryptographic key. In the descrambling step
(S43), the result of decryption is descrambled by separating
each element from each component constructing
the result of decryption, in which each element is
affected at the time of scrambling by a plurality of
components that have a predetermined relationship with the
each component.

[0150] The operations of the decryption method
thus constructed will be described in the following.
[0151] The cryptogram is received at the receiving
step (S41) and decrypted at the decrypting step (S42)
and is then descrambled at the descrambling step
(S43).
[0152] If a variance is established between the
block obtained as a result of decryption and the block to
be intrinsically obtained, therefore, the result of
descrambling varies over a plurality of blocks having the
depending relationship with that block. Irrespective of
the length of a processing unit in the decrypting
processing at the decrypting step (S42), therefore, the
original physical characteristic information can be
seriously damaged by the alteration applied to the
encrypted physical characteristic information.
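
Scrambling before encryption (S31 to S33) and descrambling after decryption (S41 to S43), as an added sketch that is not code from the patent. The scrambling function (each byte combined with its two neighbours modulo 256) and the per-block XOR cipher are assumptions, chosen so that the cipher on its own confines an alteration to a single block; the sample data and key are constructed.

```python
import hashlib

BLOCK = 8   # assumption: the cipher's unit of processing, in bytes


def scramble(info):
    """S32: two differencing passes. In the interior each output byte is
    2*p[i] - p[i-1] - p[i+1] (mod 256), a function of the component and
    of the components adjacent to it."""
    n = len(info)
    s = [(info[i] - (info[i - 1] if i else 0)) % 256 for i in range(n)]
    return bytes((s[i] - (s[i + 1] if i + 1 < n else 0)) % 256 for i in range(n))


def descramble(data):
    """S43: inverse of scramble(), two running sums. Every restored byte
    is a sum over many received bytes, which is where the damage spreads."""
    n = len(data)
    s = [0] * n
    acc = 0
    for i in range(n - 1, -1, -1):       # undo the second pass, from the end
        acc = (acc + data[i]) % 256
        s[i] = acc
    out = bytearray(n)
    acc = 0
    for i in range(n):                    # undo the first pass, from the start
        acc = (acc + s[i]) % 256
        out[i] = acc
    return bytes(out)


def block_cipher(key, data):
    """Stand-in cipher (assumption): every BLOCK-byte unit is XORed with its
    own pad, so one altered ciphertext block alters only that block of the
    decryption. The same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()[:BLOCK]
        out += bytes(x ^ y for x, y in zip(data[off:off + BLOCK], pad))
    return bytes(out)


def damaged_blocks(a, b):
    return sum(a[o:o + BLOCK] != b[o:o + BLOCK] for o in range(0, len(a), BLOCK))


def tamper_experiment(info, key, index, use_scramble):
    """Encrypt, flip the lowest bit of ciphertext byte `index`, decrypt, and
    return how many blocks of the restored information are damaged."""
    plain = scramble(info) if use_scramble else info          # S32
    cryptogram = bytearray(block_cipher(key, plain))          # S33
    cryptogram[index] ^= 1                                    # alteration in transit
    restored = block_cipher(key, bytes(cryptogram))           # S42
    if use_scramble:
        restored = descramble(restored)                       # S43
    return damaged_blocks(info, restored)


# Constructed stand-in for 64 bytes of physical characteristic information.
SAMPLE_INFO = bytes((i * 37 + 11) % 256 for i in range(64))
SAMPLE_KEY = b"constructed key"

if __name__ == "__main__":
    print("round trip ok:", descramble(scramble(SAMPLE_INFO)) == SAMPLE_INFO)
    print("blocks damaged, encryption only:",
          tamper_experiment(SAMPLE_INFO, SAMPLE_KEY, 20, False))
    print("blocks damaged, scramble then encrypt:",
          tamper_experiment(SAMPLE_INFO, SAMPLE_KEY, 20, True))
```
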
[0153] Fig. 4A shows a block diagram showing the 
principle of a cryptographic equipment according to one 
of the preferred embodiments of the invention. 
[0154] The cryptographic equipment, as shown in
Fig. 4A, is constructed to include the inputting section
111, scrambling section 131 and encrypting section
132.

[0155] The inputting section 111 inputs physical
characteristic information representing a characteristic
inherent to an individual. The scrambling section 131
arithmetically converts each component comprising the
physical characteristic information by using a predetermined
function concerning the each component and a
plurality of components having a predetermined relationship
with the each component, to scramble the
physical characteristic information. The encrypting section
132 encrypts the scrambled physical characteristic
information by using a predetermined cryptographic
key.

[0156] The operations of the cryptographic equip- 
ment thus constructed will be described in the following. 
[0157] The information included in each block comprising
the physical characteristic information inputted
by the inputting section 111 is arithmetically converted
by the scrambling section 131 together with the information
included in a plurality of blocks having the predetermined
relationship with that block and is then encrypted
by the encrypting section 132.

[0158] On each block of the result of encryption 
obtained for each block of the physical characteristic 
information, therefore, there is reflected the information 
which is included in a plurality of blocks having the pre- 
determined relationship with that block. 
[0159] Fig. 4B is a block diagram showing the prin- 
ciple of a decrypting equipment according to one of the 
preferred embodiments of the invention. 
[0160] The decrypting equipment, as shown in Fig. 
4B, is constructed to include decrypting section 135 and 
descrambling section 136. 

[0161] The principle of the decrypting equipment 
according to one of the preferred embodiments of the 
invention will be described in the following. 
[0162] The decrypting section 135 decrypts a 
received cryptogram that is an encryption of scrambled 
physical characteristic information by using a predeter- 
mined cryptographic key, and obtains the scrambled 
physical characteristic information. The descrambling 
section 136 descrambles the scrambled physical char- 
acteristic information. 

[0163] The operations of the decrypting equipment 
thus constructed will be described in the following. 
[0164] The cryptogram inputted to the decrypting 
equipment is decrypted by the decrypting section 135 
and is then descrambled by the descrambling section 
136. 

[0165] If the cryptogram is altered, therefore, the 
result obtained is considerably different from that of 
descrambling to be intrinsically obtained, so that the 
restoration of the original physical characteristic infor- 
mation is completely impossible. 

[0166] On the other hand, an encryption program 
according to one of the preferred embodiments of the 
invention is constructed to include an inputting proce- 
dure, a scrambling procedure and an encrypting proce- 
dure. 

[0167] The principle of the encryption program
according to one of the preferred embodiments of the
invention will be described in the following.
[0168] In the inputting procedure, physical characteristic
information representing a characteristic inherent
to an individual is inputted. In the scrambling
procedure, each component of the physical characteristic
information is arithmetically converted by using a
predetermined function on the each component and a
plurality of components having a predetermined relationship
with the each component, so that the physical
characteristic information is scrambled. In the
encrypting procedure, the scrambled physical characteristic
information is encrypted by using a predetermined
cryptographic key.

[0169] The operations of the encryption program 
thus constructed will be described in the following. 
[0170] The information included in each block of the 
physical characteristic information inputted by the input- 
ting procedure is arithmetically converted in the scram- 
bling procedure together with the information included 
in a plurality of blocks having the predetermined rela- 
tionship with that block and is then encrypted in the 
encrypting procedure. 

[0171] On each block of the result of encryption 
obtained for that block of the physical characteristic 
information, there is reflected the information which is 
included in a plurality of blocks having the predeter- 
mined relationship with that block. 
[0172] On the other hand, a decryption program 
according to one of the preferred embodiments of the 
invention is constructed to include a decrypting proce- 
dure and a descrambling procedure. 
[0173] The principle of the decryption program 
according to one of the preferred embodiments of the 
invention will be described in the following. 
[0174] In the decrypting procedure, a received 
cryptogram which is an encryption of scrambled physi- 
cal characteristic information is decrypted by using a 
predetermined cryptographic key, and scrambled physi- 
cal characteristic information is obtained. In the 
descrambling procedure, the scrambled physical char- 
acteristic information is descrambled by arithmetically 
converting the scrambled physical characteristic infor- 
mation by using a predetermined function. 
[0175] The operations of the decryption program 
thus constructed will be described in the following. 
[0176] The inputted cryptogram is decrypted in the 
decrypting procedure and is then arithmetically con- 
verted in the descrambling procedure by using the pre- 
determined function. 

[0177] If the cryptogram is altered, therefore, the 
result obtained is considerably different from that of 
descrambling to be intrinsically obtained, so that the 
restoration of the original physical characteristic infor- 
mation is completely impossible. 

[0178] Fig. 5 is a block diagram showing the princi- 
ple of a remote identification system according to one of 
the preferred embodiments of the invention. 



[0179] The remote identification system, as shown
in Fig. 5, is constructed to comprise a client-side
equipment 101 and a server-side equipment 102. The
client-side equipment 101 or data sending equipment is
constructed to include the inputting section 111, proof
information inputting section 141, encrypting section 142
and outputting section 143. On the other hand, the
server-side equipment 102 or identifying equipment is
constructed to include registering section 144, receiving
section 145, retrieving section 146, decrypting section
147 and examining section 148.

[0180] The principle of the remote identification 
system according to one of the preferred embodiments 
of the invention will be described in the following. 

[0181] The inputting section 111 provided in the
client-side identification equipment 101 or the data
sending equipment inputs physical characteristic
information representing a characteristic inherent to an
individual. The proof information inputting section 141
provided in the client-side identification equipment 101 or
the data sending equipment inputs information including an
identifier for identifying an individual and a password. The
encrypting section 142 provided in the client-side
identification equipment 101 or the data sending equipment
encrypts the physical characteristic information by using
the password as a cryptographic key and outputs a
cryptogram. The outputting section 143 provided in the
client-side identification equipment 101 or the data
sending equipment outputs authenticating information
generated from the cryptogram and the identifier. The
registering section 144 provided in the server-side
identification equipment 102 or the identifying equipment
registers a password and reference data, the reference data
being obtained by measuring a physical characteristic
corresponding to each individual, in relation to a given
identifier corresponding to each person. The receiving
section 145 provided in the server-side identification
equipment 102 or the identifying equipment receives
authenticating information consisting of the cryptogram and
the identifier. The retrieving section 146 provided in the
server-side identification equipment 102 or the identifying
equipment retrieves the related password and reference data
from the registering section 144, according to the received
identifier. The decrypting section 147 provided in the
server-side identification equipment 102 or the identifying
equipment decrypts the received cryptogram by using the
password retrieved by the retrieving section 146 as a
cryptographic key, and obtains physical characteristic
information. The examining section 148 provided in the
server-side identification equipment 102 or the identifying
equipment examines whether or not the physical
characteristic information and the retrieved reference data
are equivalent.

[0182] The operations of the remote identification
system thus constructed will be described in the following.

[0183] In the client-side identification equipment
101 or the data sending equipment, the physical
characteristic information inputted by the inputting section
111 is encrypted by the encrypting section 142 by using
the proof information inputted by the proof information
inputting section as the cryptographic key and is outputted
by the outputting section 143.
[0184] Here, the physical characteristic information 
is one fluctuating at each measurement so that the 
authenticating information to be outputted by the client- 
side equipment 101 or the data sending equipment is 
represented in different bit patterns at each identifying 
processing. 

[0185] This authenticating information including
encrypted physical characteristic information and identifier
is received by the receiving section 145 provided in
the server-side identification equipment 102 or the
identifying equipment, and its encrypted physical
characteristic information is decrypted by the decrypting
section 147 and its identifier is subjected to the retrieving
processing by the retrieving section 146.
[0186] The result of decryption obtained by the 
aforementioned decrypting section 147 and the refer- 
ence data retrieved from the registering section 144 by 
the retrieving section 146 are compared by the examin- 
ing section 148 to examine whether or not they are 
equivalent. 

[0187] Therefore, a reliable identification can be
realized by properly setting in the examining section 148
the criteria for examining whether or not the physical
characteristic information obtained as a result of
decryption and the reference data are equivalent, while
considering the fluctuation of the physical characteristic
information.

[0188] Moreover, the details of the individual sec- 
tion constructing the aforementioned cryptographic 
equipment and decrypting equipment will be described 
on their principles. 

[0189] As shown in Fig. 2A, the numeric key deter- 
mining section is constructed to include fluctuation 
extracting section 121 and converting section 122. 
[0190] The principle of the numeric key determining 
section 112 according to one of the preferred embodi- 
ments of the invention will be described in the following. 
[0191] The fluctuation extracting section 121
extracts a fluctuation element included in the physical
characteristic information. The converting section 122
converts the fluctuation element received from the
fluctuation extracting section 121 into a numeric value and
outputs the result of conversion as a numeric key.
[0192] The operations of the numeric key determin- 
ing section thus constructed will be described in the fol- 
lowing. 

[0193] By converting the fluctuation element 
extracted by the fluctuation extracting section 121 into a 
numeric value by the converting section 122, a random 
numeric key can be generated by utilizing the character- 
istics of the physical characteristic information as they 
are, thereby to make any random number generator 
unnecessary. 



[0194] As shown in Fig. 2A, the code generating
section 115 provided in the cryptographic equipment is
constructed to include abstracting section 123 and
synthesizing section 124.
[0195] The principle of the code generating section
115 according to one of the preferred embodiments of
the invention will be described in the following.
[0196] In response to an input of the encrypted
physical characteristic information, the abstracting section
123 generates a digest comprising elements individually
reflecting the components comprising the
encrypted physical characteristic information. The
synthesizing section 124 synthesizes the digest and the
numeric key by using a predetermined function, to subject
the result of synthesis as an auxiliary code to the
processing of the combining section 116.
[0197] The operations of the code generating section
115 thus constructed will be described in the following.

[0198] The digest reflecting each component of the
encrypted physical characteristic information is
obtained by the abstracting section 123 so that the
auxiliary code uniformly reflecting each component
comprising the encrypted physical characteristic information
can be generated by synthesizing that digest and the
numeric key by the synthesizing section 124.
[0199] On the other hand, the principle of the combining
section 116 provided in the cryptographic equipment
shown in Fig. 2A will be described in the following.

[0200] The combining section 116 combines the
encrypted physical characteristic information and the
auxiliary code in accordance with a predetermined rule,
and outputs the combination as a cryptogram to the network.

[0201] The operations of the combining section 116
thus constructed will be described in the following.
[0202] The encrypted physical characteristic information
and the auxiliary code are combined by the combining
section 116 and are outputted in the combined
state so that the illegal acts for analyzing the encrypted
physical characteristic information and the auxiliary
code individually can be made difficult to enhance the
protectiveness against the cryptanalysis.
[0203] As shown in Fig. 2B, the numeric key restoring
section 118 provided in the decrypting equipment is
constructed to include the abstracting section 123 and
separating section 125.

[0204] The principle of the numeric key restoring
section 118 according to one of the preferred embodiments
of the invention will be described in the following.
[0205] In response to an input of the encrypted
physical characteristic information, the abstracting section
123 generates the digest comprising the elements
individually reflecting the individual components
comprising the encrypted physical characteristic
information. The separating section 125 separates the
elements derived from the digest from the auxiliary
code, to restore the numeric key.
[0206] The operations of the numeric key restoring
section 118 thus constructed will be described in the
following.

[0207] In response to an input of the digest
obtained by the abstracting section 123, the separating
section 125 is enabled to restore the numeric key from
the auxiliary code firmly combined with the encrypted
physical characteristic information, by separating the
elements derived from that digest from the auxiliary
code, thereby to subject the restored numeric key to the
processing of the key generating section 113.
[0208] On the other hand, the principle of the 
scrambling section 131 provided in the cryptographic 
equipment shown in Fig. 4A will be described in the fol- 
lowing. 

[0209] This scrambling section 131 arithmetically 
converts the elements derived from all the components 
comprising the information to be converted, by using a 
function reflecting them on the values of the individual 
components converted. 

[0210] The operations of the scrambling section 
131 having these features will be described in the fol- 
lowing. 

[0211] By executing the arithmetic conversion by 
the scrambling section 131, the area in which the indi- 
vidual blocks of the encrypted physical characteristic 
information have a depending relationship can be 
extended to all the blocks of the original physical char- 
acteristic information. 

[0212] In other words, by subjecting the scrambled
result obtained by that scrambling section 131 to the
processing of the encrypting section 132, it is
possible to generate the encrypted physical characteristic
information in which the individual blocks depend
upon the entire physical characteristic information.
[0213] The principles of the encrypting section 142 
provided in the client-side equipment 101 and the regis- 
tering section 144 and the decrypting section 147 pro- 
vided in the server-side equipment 102, as shown in 
Fig. 5A, will be described in the following. 
[0214] The encrypting section 142 encrypts the 
physical characteristic information by using a password 
as a secret key. The registering section 144 registers a 
relating public key as the password of each person. The 
decrypting section 147 decrypts the encrypted physical 
characteristic information by using the public key 
received from the retrieving section 146. 
[0215] The operations of the remote identification 
system provided with the aforementioned individual 
section will be described in the following. 
[0216] In the client-side identification equipment
102, the physical characteristic information is encrypted
by the encrypting section 142 by using the password as
the secret key. In the server-side identification equipment
102, the encrypted physical characteristic information
is decrypted by the decrypting section 147 by
using the public key registered in the registering section
144. Thus, the safety of the remote identification system
can be further improved.

[0217] By thus adopting the cryptographic method
of the public key type, the authenticating information
cannot be generated based on the leaked information,
even if the information registered in the server-side
equipment leaks, so that such fraudulent access
can be reliably blocked.

[0218] Embodiments of the invention will be
described in detail with reference to the accompanying
drawings.

[0219] Fig. 6 shows a first embodiment. On the 
other hand, Fig. 7 is a flow chart showing the encryption 
and the decryption. 

[0220] Here in Fig. 6, the components having the
same functions and constructions as those shown in
Figs. 16 and 18 are designated by the common reference
numerals, and their description will be omitted.
[0221] In a client-side identification equipment 201
shown in Fig. 6, the fingerprint data obtained by the
fingerprint reader 430 (see Fig. 16) are encrypted by a
cryptographic equipment 210, and the encrypted physical
characteristic information obtained is sent by the
transmission controlling part 413 to the network.
[0222] In a server-side identification equipment
202, on the other hand, the encrypted physical
characteristic information received by the transmission
controlling part 422 is decrypted by a decrypting equipment
220 so that the result of this decryption is subjected to
the processing of the fingerprint identification equipment
440.

[0223] In the cryptographic equipment 210 shown
in Fig. 6, a bit pattern generating part 211 generates a
cyclic code for cyclic redundancy check (CRC) of a
predetermined length according to a series of numeric data
representing the fingerprint data inputted (at Steps 301
and 302 in Fig. 7A), and the generated cyclic code is
subjected as the numeric key to the processing of a key
generating part 212.

[0224] Here, the fingerprint data obtained by the
aforementioned fingerprint reader 430 contain not only
information representing characteristics inherent to the
person to be measured (hereunder referred to as "inherent
characteristics") but also fluctuation elements
fluctuating with the condition of measurement.

[0225] If a cyclic code of n-bits is generated by the
aforementioned bit pattern generating part 211 according
to a bit string representing the fluctuation elements,
therefore, a bit pattern that differs for each input of
fingerprint data is always obtained and can be utilized
as a numeric key changing at each encryption.

[0226] In other words, the bit pattern generating
part 211 thus operates to transfer the bit pattern
obtained as the numeric key to the key generating part 212
so that random numeric data can be generated as a
cryptographic key by utilizing the fluctuation of the
fingerprint data.

[0227] In Fig. 6, on the other hand, a primary key
storage area 213 stores a bit string of a length of n-bits
as the primary key, and the key generating part 212
performs an exclusive OR operation between the primary
key and the aforementioned bit pattern, for example, to
generate a cryptographic key of n-bits (at Step 303 of
Fig. 7A) and to subject the generated cryptographic key
to the processing of a block encrypting part 214.
[0228] When a device password is registered in
advance as information for identifying the client-side
identification equipment 201, for example, the device
password or its portion may be stored as the primary
key in the primary key storage area 213. On the other
hand, a user's password inputted by the person can be
utilized as the primary key. Moreover, a bit pattern
obtained by combining the device password and the
user's password may be stored as the primary key in
the primary key storage area 213.
[0229] In general, the longer the cryptographic key 
is, the more difficult the decryption of the encrypted 
information becomes, so that a bit pattern of 32 bits or 
longer should be generated as the cryptographic key. 
[0230] In particular, a cyclic code of 56 bits is
generated by the bit pattern generating part 211, and a bit
pattern of the same length is stored as the primary key.
If the cryptographic key of 56 bits is then generated by
the key generating part 212, the block encryption such
as the data encryption standard method can be applied.
[0231] In this case, the block encrypting part 214
may be constructed to encrypt the fingerprint data by
using the aforementioned cryptographic key in accordance
with the data encryption standard method (at Step
304 of Fig. 7A) and to subject the obtained encrypted
fingerprint data to the processings of a hash coding part
215 and of a message combining part 216.

[0232] This hash coding part 215 is constructed to 
convert the encrypted fingerprint data, for example, into 
a hash address represented as a bit string shorter than 
their own length by using a proper hash function. 
[0233] The hash address obtained by the hash cod- 
ing part 215 is inputted together with the aforemen- 
tioned numeric key to a logical operating part 217. This 
logical operating part 217 performs a predetermined 
logic operation to convert a combination of the hash 
address and the numeric key by a one-to-one mapping 
function and to transfer the result of operation to the 
message combining part 216. 

[0234] Here, if a hash function having a sufficient
diffusion is used in the aforementioned hash coding part
215, this hash coding part 215 can operate in response
to an input of the encrypted data on the fingerprint
characteristics to obtain a digest reflecting the summary of
the encrypted fingerprint characteristic data (at Step
305 of Fig. 7A).

[0235] In response to the input of the hash address
and the numeric key, on the other hand, the logical
operating part 217 calculates their exclusive OR (at Step
306 of Fig. 7A) so that the two inputs can be converted
into a mapping corresponding one-to-one to their
combination thereby to obtain the result of logic operation
reflecting both the hash address and the numeric key.
[0236] In this case, the aforementioned hash coding
part 215 and logical operating part 217 can perform
a simple arithmetic and logical operation to obtain an
auxiliary code reflecting both a digest related closely to
encrypted fingerprint characteristic data and the
numeric key.

[0237] By thus generating a depending relationship
between the auxiliary code and the encrypted fingerprint
characteristic data, the cryptographic key to be utilized
in the decrypting equipment changes depending
upon both the auxiliary code and the encrypted fingerprint
characteristic data, as will be described later, so
that the restoration of the cryptographic key can be
made impossible in response to the alteration of a
cryptogram to be transmitted through the network.
[0238] On the other hand, the message combining
part 216 shown in Fig. 6 combines the encrypted
fingerprint characteristic data received from the block
encrypting part 214 and the aforementioned auxiliary
code (at Step 307 of Fig. 7A), for example, to generate
the authenticating information represented as a series
of bit strings, as illustrated in Fig. 8, and to send the
authenticating information to the network by the
transmission controlling part 413.

[0239] Thus, in response to the inputs of the
encrypted fingerprint characteristic data and the auxiliary
code, the message combining part 216 can operate
to combine the encrypted fingerprint characteristic data
and the auxiliary code and to send them to the network
by the transmission controlling part 413.
[0240] Next, a decrypting equipment of the first 
embodiment will be described in detail. 
[0241] In the decrypting equipment 220 shown in
Fig. 6, an auxiliary code separating part 222 receives
the authenticating information shown in Fig. 8 from the
transmission controlling part 422 (at Step 311 of Fig.
7B), and separates the authenticating information into
the encrypted fingerprint characteristic data (at Step
312 of Fig. 7B) and the auxiliary code to send the
encrypted fingerprint characteristic data to a block
decrypting part 223 and a hash coding part 224 and to
send the auxiliary code to a logical operating part 225.
[0242] Here, the auxiliary code is the result of
exclusive OR operation of the hash address corresponding to
the encrypted fingerprint characteristic data and the
numeric key, as has been described above.
[0243] Therefore, the hash address of the
encrypted fingerprint characteristic data is determined
by the hash coding part 224 by using the same hash
function as that used in the encryption (at Step 313 of
Fig. 7B), and the exclusive OR between the hash
address and the auxiliary code is determined by the
logical operating part 225 (at Step 314 of Fig. 7B), so that
the numeric key used for generating the cryptographic
key can be restored.

[0244] In Fig. 6, on the other hand, a primary key
storage area 226 stores the primary key used in the
encryption, and the primary key storage area 226 and a
key generating part 227 can operate, in response to the
result of operation by the logical operating part 225 as
the numeric key, to reproduce the cryptographic key
used in the encryption and to subject the reproduced
cryptographic key to the processing of the block
decrypting part 223 (at Steps 315 and 316 of Fig. 7B).
[0245] Thus, the decrypting equipment can be realized
to restore the original fingerprint data from the
authenticating information containing the encrypted
fingerprint characteristic data obtained by the
aforementioned cryptographic equipment 210.
[0246] Next, here will be described a method for
blocking a fraudulent access by the server-side
identification equipment 202 including the fingerprint
identification equipment 440 of the aforementioned
construction when the authenticating information is
partially altered in the course of being transmitted in the
network.

[0247] If the encrypted fingerprint characteristic
data contained in the authenticating information is
partially altered (as hatched in Fig. 8), as shown in Figs. 8A
and 8B, the hash address obtained by the hash coding
part 224 from the inputted encrypted fingerprint
characteristic data naturally differs from that
which is obtained by hash-coding the original encrypted
fingerprint characteristic data.

[0248] In this case, an erroneous digest is obtained
by the alteration of the encrypted fingerprint
characteristic data so that the numeric key obtained by
inputting the erroneous digest and the auxiliary code to the
logical operating part is also erroneous. Naturally, the error
is also propagated to the cryptographic key that is
restored by the key generating part 227 according to
that numeric key.
[0249] As a result, the block decrypting part 223
decrypts the altered encrypted fingerprint characteristic
data by using the erroneous cryptographic key so that
the result of decryption can be expected to be remarkably
different from the original fingerprint data.
[0250] When the auxiliary code included in the
authenticating information is altered, as shown in Fig.
8B, the correct hash address can be obtained by the
hash coding part 224 in response to the input of the
encrypted fingerprint characteristic data. However,
since the auxiliary code is erroneous, the result of
operation by the logical operating part will be erroneous,
making the resulting numeric key different from the
original numeric key.

[0251] In this case, too, the erroneous cryptographic
key is subjected to the processing of the block
decrypting part 223 as in the case where the encrypted
fingerprint data are altered, so that the result of
decryption obtained by the block decrypting part 223 can also
be expected to be remarkably different from the original
fingerprint data.

[0252] From this, altering the authenticating information
even partially results in the breaking of the
depending relationship formed in the encryption
between the encrypted physical characteristic information
and the auxiliary code, and the influence of this
alteration can be propagated to the entire result of
decryption.

[0253] Since the difference between the result of 
decryption obtained by using the erroneous crypto- 
graphic key and the original fingerprint data is serious 
as described above, it can be reliably decided by the fin- 
gerprint identification equipment 440 that the fingerprint 
data obtained in response to the input of the altered 
authenticating information do not belong to the eligible 
person. 

[0254] This is because the influence of the alteration
of an arbitrary portion of the authenticating information
is exerted all over the result of decryption. It can
therefore be expected that the information belonging to
the observing area in the fingerprint identification
equipment 440 is reliably influenced by a considerable amount.
[0255] Irrespective of the extent of the observing
area, therefore, the fingerprint data restored from the
altered authenticating information are reliably decided
by the dactyloscopy as not belonging to the eligible
person. This makes it possible to reliably block the access
according to the encrypted physical characteristic
information fraudulently acquired.

[0256] If a construction that excludes, as a "replay
attack", inputted fingerprint data identical to the
reference data or the registered fingerprint data is
adopted, as in the fingerprint identification
equipment 440 shown in Fig. 18, it is possible to block
the access utilizing the fraudulently acquired
authenticating information as it is.

[0257] In the first embodiment, the features of the 
inherent characteristics and the fluctuation elements 
included in the physical characteristic information are 
individually utilized to identify a person reliably to pro- 
vide a remote identification system of high safety. 
[0258] Here, the cryptographic method to be
adopted in the encrypting part 214 may be any one of the
common key systems, and an affine transformation
cryptography or a Vigenère cryptography may be adopted in
place of the aforementioned data encryption standard
method.

[0259] On the other hand, the unit length of encryption
by the encrypting part 214 can also be modified.
[0260] In this modification, for example, the encryp- 
tion unit has a length of 32 bits, and both the primary 
key and the numeric key are given 32 bits. The key gen- 
erating part 212 generates a cryptographic key of 32 
bits, and the encrypting part 214 determines random 
numbers sequentially for each block by utilizing that 
cryptographic key so that the series of result of exclu- 
sive OR operation between each random number and 
the corresponding block may be used as the result of 
encryption. 
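The encryption and decryption flow of the first embodiment (Steps 301 to 307 and 311 to 316), written for the 32-bit modification just described, as an added example that is not code from the patent. It shows an honest measurement being accepted and a one-bit alteration of either the encrypted data (Fig. 8A) or the auxiliary code (Fig. 8B) being rejected by the tolerance check. The choice of CRC-32, truncated SHA-256 as the hash address, the per-block word generator, the "low two bits are fluctuation" model, appending the auxiliary code at the end, and all sample data are assumptions.

```python
import hashlib
import zlib

BLOCK = 4  # 32-bit encryption unit, as in the modification of [0260]


def fluctuation_bits(samples: bytes) -> bytes:
    # Assumption: the two low-order bits of each sample carry measurement noise.
    return bytes(s & 0x03 for s in samples)


def numeric_key(samples: bytes) -> int:
    # Bit pattern generating part 211: cyclic code over the fluctuation elements.
    return zlib.crc32(fluctuation_bits(samples)) & 0xFFFFFFFF


def hash_address(ciphertext: bytes) -> int:
    # Hash coding part 215/224. Truncated SHA-256 is an assumed stand-in.
    return int.from_bytes(hashlib.sha256(ciphertext).digest()[:4], "big")


def xor_stream(data: bytes, key: int) -> bytes:
    # Block encrypting part 214, 32-bit variant: one pseudo-random word per
    # block, XORed with the block. The word generator is an assumption.
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        seed = key.to_bytes(4, "big") + i.to_bytes(4, "big")
        word = hashlib.sha256(seed).digest()[:BLOCK]
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], word))
    return bytes(out)


def encrypt(samples: bytes, primary_key: int) -> bytes:
    nk = numeric_key(samples)               # Steps 301-302
    ck = primary_key ^ nk                   # Step 303
    ct = xor_stream(samples, ck)            # Step 304
    aux = hash_address(ct) ^ nk             # Steps 305-306
    return ct + aux.to_bytes(4, "big")      # Step 307 (assumed layout)


def decrypt(auth: bytes, primary_key: int) -> bytes:
    ct, aux = auth[:-4], int.from_bytes(auth[-4:], "big")   # Steps 311-312
    nk = hash_address(ct) ^ aux                             # Steps 313-314
    return xor_stream(ct, primary_key ^ nk)                 # Steps 315-316


def equivalent(restored: bytes, reference: bytes,
               tolerance: int = 3, ratio: float = 0.9) -> bool:
    # Examining step: accept if most samples lie within the fluctuation range.
    if len(restored) != len(reference):
        return False
    close = sum(1 for a, b in zip(restored, reference) if abs(a - b) <= tolerance)
    return close >= ratio * len(reference)


def flip_bit(data: bytes, offset: int, mask: int = 0x01) -> bytes:
    altered = bytearray(data)
    altered[offset] ^= mask
    return bytes(altered)


# Constructed sample data: one reference template and two noisy measurements.
REFERENCE = bytes(((i * 37 + 11) % 256) & 0xFC for i in range(64))
MEASUREMENT_1 = bytes(r | ((3 * i) % 4) for i, r in enumerate(REFERENCE))
MEASUREMENT_2 = bytes(r | ((i + 1) % 4) for i, r in enumerate(REFERENCE))
PRIMARY_KEY = 0x5A17C0DE  # constructed 32-bit primary key

if __name__ == "__main__":
    auth = encrypt(MEASUREMENT_1, PRIMARY_KEY)
    cases = {
        "unaltered": auth,
        "ciphertext bit flipped": flip_bit(auth, 10),
        "auxiliary code bit flipped": flip_bit(auth, len(auth) - 1),
    }
    for name, message in cases.items():
        ok = equivalent(decrypt(message, PRIMARY_KEY), REFERENCE)
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```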

[0261] On the other hand, the digest of the
encrypted physical characteristic information may
depend upon the encrypted physical characteristic
information as a whole. For example, therefore, the
cryptographic equipment and the decrypting equipment
may be constructed to include a decimating part for
decimating bits simply from the bit string representing the
encrypted physical characteristic information, to generate
the digest, in place of the hash coding parts 215 and
224. Alternatively, the cryptographic equipment and the
decrypting equipment can also be constructed to
include a cyclic code generating part for generating the
cyclic code on the encrypted physical characteristic
information as the digest.

[0262] On the other hand, the client-side identifica- 
tion equipment 201 may be constructed to include an 
integrated circuit card writer in place of the transmission 
controlling part 413 shown in Fig. 6, and the server-side 
identification equipment 202 may be constructed to 
include an integrated circuit card reader in place of the 
transmission controlling part 422, so that the authenti- 
cating information may be sent and received by using 
the integrated circuit card. 

[0263] In this case, the authenticating information 
can be transferred to the server-side identification 
equipment 202 by manually transporting the nameplate 
having the integrated circuit card (hereunder referred to 
as "IC card"). 

[0264] On the other hand, the program to be exe- 
cuted by the computer can realize the functions of the 
individual parts constructing the decrypting equipment 
220 shown in Fig. 6. By recording the program in the 
storage media and distributing it, the system for 
encrypting the physical characteristic information safely 
by using the cryptographic method can be provided for 
users of wide range. 

[0265] Likewise, the program to be executed by the
computer can realize the functions of the individual parts
constructing the decrypting equipment 220 shown in
Fig. 6. By recording the program in the storage media
and distributing it, there can be provided the system for
decrypting only the proper authenticating information
encrypted by using the first cryptographic method,
correctly to restore the physical characteristic information
and to subject it to the identifying processing.
[0266] Next, a cryptographic method and a decryption
method, and a cryptographic equipment and a decrypting
equipment of the second embodiment will be described
in detail.

[0267] Fig. 9 shows a second embodiment of the 
invention. 

[0268] In Fig. 9, a client-side identification equip- 
ment 203 and a server-side identification equipment 
204 construct a remote identification system. 
[0269] In this client-side identification equipment 
203, the fingerprint data measured by the fingerprint 
reader 430 are encrypted by a cryptographic equipment 
230, and the result of encryption obtained are written as 
authenticating information in an IC card by an IC card 
writer 234. 



[0270] In the server-side identification equipment 204 shown in
Fig. 9, on the other hand, authenticating information is obtained
by an IC card reader 235 reading the IC card. This authenticating
information is decrypted by decrypting equipment 240, and the
result of decryption is subjected to the processing of the
fingerprint identification equipment 440.

[0271] In the cryptographic equipment 230 shown in Fig. 9, a
discrete Fourier transformation (DFT) part 231 discretely
Fourier-transforms the fingerprint data received from the
fingerprint reader 430, and subjects the result of transformation
to the processing in a block encrypting part 232.

[0272] On the other hand, a cryptographic key storage area 233
shown in Fig. 9 stores a cryptographic key inherent to each
registered client-side identification equipment. The block
encrypting unit 232 encrypts the result of transformation by the
discrete Fourier transformation part 231 block by block using that
cryptographic key, and the encrypted transformation result is
subjected to writing processing by the IC card writer 234.

[0273] By storing a cryptographic key of 56 bits in the
cryptographic key storage area 233 and adopting the data encryption
standard method in the block encrypting part 232, for example, it
is possible to obtain encrypted fingerprint data which are
extremely hard to decrypt.

[0274] Here, the discrete Fourier transformation part 231
Fourier-transforms the fingerprint data so that the influences of
the individual components constructing the fingerprint data are
exerted upon the entirety of the result of Fourier transformation,
as illustrated in Figs. 10A and 10B. Therefore, the individual
blocks, that is, the encryption units of the block encrypting part
232, are dependent upon all the components constructing the
fingerprint data (see Fig. 10C).

[0275] Therefore, when the fingerprint data are encrypted after
being Fourier-transformed, as described above, the information of
the individual blocks constructing the result of encryption is
dependent upon all the components constructing the fingerprint
data.

[0276] In other words, when the individual parts of the
cryptographic equipment shown in Fig. 9 operate as described above,
the physical characteristic information can be encrypted by the
cryptographic method to generate a cryptogram composed of
components depending upon all the components of the physical
characteristic information.

[0277] In the decrypting equipment 240 shown in Fig. 9, on the
other hand, the authenticating information read by the IC card
reader 235 is transferred to a block decrypting part 241. In
response to this, the block decrypting part 241 sequentially
decrypts the individual components of the authenticating
information by using the cryptographic key stored in a
cryptographic key storage area 242. The result of decryption is
subjected to the processing of an inverse Fourier transformation
(or inverse DFT) part 243.

[0278] When the data encryption standard method 
is adopted in the encryption, as described above, the 
cryptographic key used in the encryption may be stored 
in the cryptographic key storage area 242 so that the 
block decrypting part 241 may decrypt the individual 
blocks of the authenticating information in accordance 
with the data encryption standard method. 

[0279] When the authenticating information produced by the
aforementioned cryptographic equipment 230 arrives unaltered at the
decrypting equipment 240, as illustrated in Fig. 10D, the result of
decryption by the block decrypting part 241 is identical to the
result of transformation by the discrete Fourier transformation
part 231 during the cryptographic processing (see Fig. 10E).

[0280] In response to an input of the result of decryption by the
block decrypting part 241, therefore, the inverse Fourier
transformation part 243 can perform the inverse Fourier
transformation to gather together the elements derived from the
individual components of the original fingerprint data, which were
scattered into the individual components constructing the scrambled
result, thereby restoring the original fingerprint data (see Fig.
10F).

[0281] When the authenticating information 
obtained by the cryptographic method described above 
is thus inputted as it is to the decrypting equipment 240 
shown in Fig. 9, the individual parts constructing the 
decrypting equipment 240 can perform the aforemen- 
tioned operations to restore the original physical char- 
acteristic information completely by using the 
decryption method described above. So the restored 
physical characteristic information can be subjected to 
the identifying processing of the fingerprint identification 
equipment 440 or the like. 

[0282] If partially altered authenticating information is inputted
as illustrated in Fig. 10G, on the other hand, the elements derived
from the altered component of the cryptogram diffuse all over the
descrambled result (see Figs. 10H and 10J) when the result of
decryption by the block decrypting part 241 is inversely
Fourier-transformed by the inverse Fourier transformation part 243.
Therefore the result of conversion obtained is considerably
different from the original fingerprint data.

[0283] Thus, in response to the alteration of the cryptogram as the
authenticating information, the dependence between the
corresponding component of the cryptogram and the entire original
fingerprint data is automatically broken. In order to restore the
original fingerprint data in the decryption, therefore, it is
necessary that none of the blocks constructing the cryptogram be
altered. It is thus possible to block an attack that alters and
reuses authenticating information fraudulently acquired on the
network.

[0284] On the other hand, a program can realize the functions of
the individual parts constructing the cryptographic equipment 230
shown in Fig. 9. By recording the program in storage media and
distributing it, the system for encrypting the physical
characteristic information safely by using the cryptographic method
can be provided to a wide range of users.

[0285] Likewise, a program can realize the functions of the
individual parts constructing the decryption equipment 240 shown in
Fig. 9. By recording the program in storage media and distributing
it, there can be provided a system for correctly decrypting only
the proper authenticating information by using the decryption
method to restore the physical characteristic information and to
subject it to the identifying processing.

[0286] When the cryptographic method and the decryption method
described above are applied, moreover, it is possible to obtain the
effect of blocking an attack that analyzes the identifying
processing of the physical characteristic information and the
effect of blocking an attack that analyzes the data structure of
the physical characteristic information itself.

[0287] First of all, the former effect will be described with
reference to Fig. 11.

[0288] When no scrambling processing is performed in the
encryption, the influence of an alteration of the encrypted data is
exerted upon only a portion of the result of decryption so long as
a block encrypting method is adopted, no matter how excellent the
cryptographic method might be.

[0289] When the individual blocks of the authenticating information
are sequentially altered, therefore, the area of the result of
decryption that is compared with the reference data, that is, the
observing area, can be discriminated, as illustrated in Fig. 11A,
by observing whether or not the access by that authenticating
information is accepted.

[0290] When the scrambling and the block encryption are combined,
on the other hand, the influence of alteration is propagated to the
entire descrambled result by the descrambling processing conducted
subsequent to the decryption, even if the authenticating
information is altered only slightly. As a result, a variance
exceeding the allowable error occurs also in the observing area, so
that the comparison with the reference data always results in a
mismatch.

[0291] Therefore, the aforementioned method cannot be used to
analyze the recognizing processing of the physical characteristic
information.
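
The tamper-diffusion behaviour of paragraphs [0282] to [0283] and [0288] to [0290], as an added example that is not code from the patent: it encrypts a constructed 32-component vector block by block with and without DFT scrambling, flips one ciphertext bit, and lists which restored components leave the allowable error. The SHA-256 Feistel cipher is a stand-in for the data encryption standard method, and the fixed-point coefficient packing, key, tolerance and sample data are assumptions.

```python
import cmath
import hashlib
import struct

N = 32            # components in the constructed "fingerprint" vector
SCALE = 1 << 16   # fixed-point scale for storing DFT coefficients (assumption)
ROUNDS = 8        # Feistel rounds of the stand-in block cipher
TOLERANCE = 2     # allowable per-component error at the verifier (assumption)

# Constructed sample data and key, not a real fingerprint or a real DES key.
SAMPLE = [(37 * i * i + 11 * i + 5) % 256 for i in range(N)]
KEY = bytes.fromhex("0123456789abcd")  # 56 bits, as in paragraph [0273]


def dft(x):
    """Scramble: every output coefficient depends on every input component."""
    n = len(x)
    return [sum(x[m] * cmath.exp(-2j * cmath.pi * m * k / n) for m in range(n))
            for k in range(n)]


def idft(coeffs):
    """Descramble: inverse DFT gathers the scattered contributions again."""
    n = len(coeffs)
    return [sum(coeffs[k] * cmath.exp(2j * cmath.pi * m * k / n) for k in range(n)) / n
            for m in range(n)]


def _round_fn(half, key, rnd):
    digest = hashlib.sha256(key + bytes([rnd]) + struct.pack(">I", half)).digest()
    return struct.unpack(">I", digest[:4])[0]


def encrypt_block(block, key):
    """Stand-in 64-bit Feistel block cipher (NOT DES), one block at a time."""
    left, right = struct.unpack(">II", block)
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(right, key, rnd)
    return struct.pack(">II", left, right)


def decrypt_block(block, key):
    left, right = struct.unpack(">II", block)
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(left, key, rnd), left
    return struct.pack(">II", left, right)


def encrypt(samples, key, scramble):
    """One 8-byte block per component: (real, imag) as signed fixed-point ints."""
    components = dft(samples) if scramble else [complex(s) for s in samples]
    blocks = [struct.pack(">ii", round(c.real * SCALE), round(c.imag * SCALE))
              for c in components]
    return [encrypt_block(b, key) for b in blocks]


def decrypt(cryptogram, key, scramble):
    components = [complex(*struct.unpack(">ii", decrypt_block(b, key))) / SCALE
                  for b in cryptogram]
    restored = idft(components) if scramble else components
    return [round(c.real) for c in restored]


def flip_bit(cryptogram, index):
    """Model the alteration of Fig. 10G: change one bit of one cipher block."""
    altered = list(cryptogram)
    altered[index] = bytes([altered[index][0] ^ 0x01]) + altered[index][1:]
    return altered


def mismatches(restored, reference):
    """Indices whose deviation from the reference exceeds the allowable error."""
    return [i for i, (a, b) in enumerate(zip(restored, reference))
            if abs(a - b) > TOLERANCE]


def demo():
    plain_ct = encrypt(SAMPLE, KEY, scramble=False)
    scrambled_ct = encrypt(SAMPLE, KEY, scramble=True)
    return {
        "roundtrip_ok": decrypt(scrambled_ct, KEY, scramble=True) == SAMPLE,
        "plain_mismatches": mismatches(
            decrypt(flip_bit(plain_ct, 5), KEY, scramble=False), SAMPLE),
        "scrambled_mismatches": mismatches(
            decrypt(flip_bit(scrambled_ct, 5), KEY, scramble=True), SAMPLE),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Without scrambling, `demo()` reports only component 5 as mismatching, which is the per-block signal that the probing in [0289] relies on; with scrambling nearly every component mismatches.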

[0292] With reference to Fig. 12, the effect of preventing analysis
of the data structure of the physical characteristic information
itself will now be described.

[0293] In the case of no scrambling processing in the encryption, a
change in the content of each of the components constructing the
physical characteristic information is reflected directly in the
content of the corresponding block included in the encrypted data.

[0294] When a circled portion in the image data of a fingerprint is
altered from a ridge point to a ridge bifurcation, as illustrated
in Fig. 12A, a corresponding change is observed in the encrypted
data. It is then possible to grasp in what portion of the
fingerprint data the feature of the aforementioned portion is
described.

[0295] When the scrambling and the block encryption are combined,
on the other hand, the contribution of the portion describing the
individual features in the fingerprint data, as illustrated in Fig.
12A, is scattered over all the blocks constructing the encrypted
data by the effect of the scrambling, as illustrated by different
kinds of hatching in Fig. 12B.

[0296] As a result, the aforementioned method can- 
not analyze the data structure of the physical character- 
istic information. 

[0297] By thus combining the scrambling and the 
encryption, it is possible to block the fraudulent access 
that was tried by simply altering the encrypted physical 
characteristic information and to make remarkably diffi- 
cult an attack to forge the physical characteristic infor- 
mation itself. 

[0298] As a result, it is possible to considerably 
improve the safety of the identification system. 
[0299] On the other hand, the client-side identifica- 
tion equipment 203 may be constructed to include a 
transmission controlling part in place of the IC card 
writer 234 shown in Fig. 9, and the server-side identifi- 
cation equipment 204 may be constructed to include a 
transmission controlling part in place of the IC card 
reader 235, so that the authenticating information may 
be sent and received through the network. 
[0300] Here, the physical characteristic information 
such as the fingerprint data contains the fluctuation ele- 
ments varying with the conditions of measurement so 
that the improvement in the recognition rate is limited. If 
the observing area is narrowed, as has been described 
with reference to Fig. 17, for example, another finger- 
print data may be misidentified as that of the eligible 
person's. 

[0301] On the other hand, the method for identifying 
the person with the password can ensure the identifica- 
tion by combining the password and the user's ID, but 
the safety of the entire remote identification system 
depends upon whether or not the individual can man- 
age the password strictly, so that the burden on the indi- 
vidual is increased. 

[0302] Next, a method for improving the safety of the remote
identification system by combining the features of the physical
characteristic information and the features of the password will be
described.

[0303] Fig. 13 shows a third embodiment of the invention.

[0304] In the client-side identification equipment 101 shown in
Fig. 13, the user's ID and password inputted by the keyboard 411
are individually transferred by a request controlling part 251 to a
block encrypting part 252 and a message generating part 253.

[0305] This block encrypting part 252 receives the aforementioned
password from the request controlling part 251 and encrypts the
fingerprint data received from the fingerprint reader 430, by using
the password as the key in accordance with a common-key
cryptographic method such as the data encryption standard method,
and subjects the result of encryption to the processing of the
message generating part 253.

[0306] On the other hand, the message generating part 253 shown in
Fig. 13 generates the authenticating information by combining the
encrypted fingerprint data received from the block encrypting part
252 and the user's ID received from the request controlling part
251, and sends the generated authenticating information to the
network by the transmission controlling part 413.

[0307] Thus, in response to the inputs of the encrypted fingerprint
data and the user's ID, the message generating part 253 and the
transmission controlling part 413 can operate to output the
authenticating information including the encrypted fingerprint data
and the user's ID and to transfer the authenticating information to
the server-side identification equipment 102 through the network.

[0308] As described above, the fingerprint data represent the
feature inherent to an individual, but the data expressing the
feature numerically fluctuate at each measurement due to the
measurement error. By encrypting the fingerprint data by using the
password as the cryptographic key, therefore, the authenticating
information to be sent to the server-side identification equipment
102 is represented by a different bit pattern at each
identification request.

[0309] As in the case where the password is encrypted into the
authenticating information by using a one-time cryptographic key,
therefore, the authenticating information to be transmitted through
the network can be made extremely difficult to decrypt by a
fraudulent method.

[0310] In the server-side identification equipment 102 shown in
Fig. 13, on the other hand, a password database 261 stores a
password relating to each user's ID.

[0311] In Fig. 13, a password retrieving part 262 responds to an
instruction from an identification controlling part 263 by
retrieving the related password from the password database 261 and
subjecting the retrieved password to the processing of the
identification controlling part 263.

[0312] This identification controlling part 263 receives the
aforementioned authenticating information from the transmission
controlling part 422, retrieves the password relating to the user's
ID included in the authenticating information by designating the
user's ID to the password retrieving part 262, subjects the
password obtained and the encrypted fingerprint data to the
processing of a block decrypting part 264, and informs the
fingerprint identification equipment 440 of the user's ID.

[0313] Since the fingerprint data were encrypted by using the
password inputted by the person oneself, as described above, the
block decrypting part 264 may perform the decryption by using the
password retrieved by the password retrieving part 262 as the
cryptographic key, and subject the restored fingerprint data to the
processing of the fingerprint identification equipment 440.

[0314] In Fig. 13, the fingerprint database 441 provided in the
fingerprint identification equipment 440 stores the user's ID and
the reference data that are obtained by measuring the fingerprint
of the related person under a reference condition.

[0315] On the other hand, the fingerprint data retrieving part 442
provided in the fingerprint identification equipment 440 retrieves
the reference data according to the user's ID from the fingerprint
database 441.

[0316] The reference data thus obtained are subjected to the
identifying processing of the verifying part 444.

[0317] This verifying part 444 compares the fingerprint data
received from the block decrypting part 264 with the aforementioned
reference data and returns the result of recognition derived from
the result of comparison to the identification controlling part
263.

[0318] Thus, it is possible to construct a remote identification
system that utilizes the physical characteristic information and
the password.

[0319] In this remote identification system, only when the
permitted person subjects his or her own fingerprint to the
measurement of the fingerprint reader 430 and inputs the proper
password are the fingerprint data obtained by the fingerprint
reader 430 completely restored by the aforementioned block
decrypting part 264 and subjected to the processing of the
verifying part 444.

[0320] At this time, each of the components of the restored
fingerprint data matches the corresponding component of the
reference data within a permitted range over an area covering the
observing area according to a predetermined recognition rate, so
that a result of comparison indicating a match with the reference
data is obtained by the fingerprint identification equipment 440.

[0321] In this case, the identification controlling part 263
utilizes the function of the transmission controlling part 422 to
inform the client-side identification equipment 101 of the
identification result of having confirmed the identity. On the
other hand, the request controlling unit 251 provided in the
client-side identification equipment 101 receives the
identification result through the transmission controlling part 413
and may inform the person that the access is admitted by means of
the CRT displaying equipment (CRT) 415, for example.

[0322] Next, the operation of the remote identification system
shown in Fig. 13 to block fraudulent access will be described with
reference to Fig. 14.

[0323] When a fraudulent person makes an access by using the
password that was plagiarized from an eligible person, for example,
the block encrypting part encrypts the fingerprint data of the
aforementioned fraudulent person by using the plagiarized password
as the cryptographic key, and transfers the encrypted data to the
server-side identification equipment.
[0324] In response to this, the decrypting part pro- 
vided in the server-side identification equipment shown 
in Fig. 14A performs the decryption according to the 
password received from the password retrieving part so 
that the fingerprint data of the fraudulent person are 
obtained and subjected together with the reference data 
of the eligible person retrieved from the fingerprint data- 
base, to the identifying processing by the verifying part. 

[0325] In this case, fingerprint data of different persons are
compared with each other, so that a clearly mismatching result of
comparison is naturally obtained by the verifying part. According
to the result of recognition derived from the result of comparison,
the identification controlling part 263 shown in Fig. 13 may deny
the permission of the fraudulent person and may exclude it as the
fraudulent access.

[0326] On the other hand, the plagiarism, if any, of 
the fingerprint data of the eligible person can be likewise 
coped with. 

[0327] In this case, as shown in Fig. 14B, the block 
encrypting part encrypts the plagiarized fingerprint data 
by using the erroneous password as the cryptographic 
key. By the decrypting part in the server-side identifica- 
tion equipment, therefore, the plagiarized fingerprint 
data are decrypted by using the proper password as the 
cryptographic key so that a meaningless bit string is 
generated in place of the fingerprint data. 
[0328] Therefore, the verifying part compares the 
bit string and the reference data to give a result that they 
mismatch. In response to an input of the result of recog- 
nition derived from the result of comparison, the identifi- 
cation controlling part 263 shown in Fig. 13 may deny 
the permission of the fraudulent person and may 
exclude it as the fraudulent access. 
[0329] Thus in the remote identification system 
shown in Fig. 13, both the physical characteristic infor- 
mation representing a characteristic inherent to an indi- 
vidual and the password to be concealed and managed 
from others by the person can be used to confirm the 
identity, and the fluctuation of the physical characteristic 
information can be utilized to make the cryptanalysis of 
the authenticating information difficult. 
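
The exchange of paragraphs [0304] to [0328], with both the client and server sides, as an added example that is not code from the patent. The SHA-256 keystream cipher stands in for the common-key cipher, and the user ID, passwords, byte-vector fingerprints, noise patterns and tolerance are constructed assumptions.

```python
import hashlib

TOLERANCE = 2  # allowable per-component measurement error (assumption)

# Constructed server-side registrations: user ID -> password / reference data.
PASSWORDS = {"alice": "correct horse"}
REFERENCES = {"alice": bytes((13 * i + 40) % 200 + 20 for i in range(32))}


def xor_keystream(data, password):
    """Stand-in common-key cipher (NOT DES): XOR with a SHA-256 keystream
    derived from the password. The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(password.encode() + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def measure(true_print, noise):
    """Model one reading: the true pattern plus per-measurement fluctuation."""
    return bytes(v + d for v, d in zip(true_print, noise))


def client_request(user_id, password, fingerprint):
    """Client side ([0304]-[0307]): encrypt the reading under the typed
    password and combine the cryptogram with the user's ID."""
    return {"user_id": user_id,
            "cryptogram": xor_keystream(fingerprint, password)}


def server_identify(message):
    """Server side ([0310]-[0317]): retrieve password and reference data by
    user ID, decrypt, and compare within the allowable error."""
    user_id = message["user_id"]
    if user_id not in PASSWORDS:
        return False
    restored = xor_keystream(message["cryptogram"], PASSWORDS[user_id])
    reference = REFERENCES[user_id]
    return len(restored) == len(reference) and all(
        abs(a - b) <= TOLERANCE for a, b in zip(restored, reference))


def scenarios():
    alice = REFERENCES["alice"]
    impostor = bytes((7 * i + 90) % 200 + 20 for i in range(32))  # another person
    noise_1 = [(i % 3) - 1 for i in range(32)]        # constructed fluctuation
    noise_2 = [((i + 1) % 3) - 1 for i in range(32)]  # a second, different reading
    first = client_request("alice", "correct horse", measure(alice, noise_1))
    second = client_request("alice", "correct horse", measure(alice, noise_2))
    return {
        # Eligible person, proper password: both readings are accepted.
        "genuine_accepted": server_identify(first) and server_identify(second),
        # [0308]: the bit pattern on the wire differs at each request.
        "cryptograms_differ": first["cryptogram"] != second["cryptogram"],
        # Fig. 14A: proper password, another person's fingerprint.
        "stolen_password_rejected": not server_identify(
            client_request("alice", "correct horse", impostor)),
        # Fig. 14B: the eligible person's fingerprint, erroneous password.
        "stolen_fingerprint_rejected": not server_identify(
            client_request("alice", "wrong guess", alice)),
    }


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(name, value)
```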

[0330] Here, the physical characteristic information fluctuates
within a range of measurement errors at every measurement so that
its cryptanalysis is difficult when encrypted, and in this respect
it is excellent as authenticating information. On the other hand,
the physical characteristic information is invariable for the life
of a person. Once a certain person prepares an environment in which
pseudo physical characteristic information having a fluctuation
corresponding to the measurement error can be freely generated from
the fundamental physical characteristic information, the related
physical characteristic information can no longer be used as the
authenticating information, which is a fatal defect.

[0331] On the other hand, the password can be suitably changed, if
necessary, and is excellent in usability as the authenticating
information. As has been described in DESCRIPTION OF THE RELATED
ART, on the contrary, the password is easily plagiarized and is
composed of a fixed string, so that it is defective in that
decryption is easy even if it is encrypted.

[0332] As described above, the physical characteristic information
and the password have respective advantages and disadvantages, if
viewed independently. According to the identification system shown
in Fig. 13, however, the respective advantages and disadvantages of
the physical characteristic information and the password can
compensate for each other by integrating the physical
characteristic information and the password and by making their
separation difficult, thereby ensuring identification of the
eligibility of a person.

[0333] This can lighten the burden on the person concerning the
management of the password and can improve the safety of the remote
identification system so that important information can be safely
sent and received through the network. As a result, e-commerce and
systems for sending and receiving information requiring secrecy can
be operated safely.

[0334] On the other hand, the physical characteristic information
may be encrypted by the public key system.

[0335] In this case, in the client-side identification equipment
101 shown in Fig. 13, the block encrypting part 252 may encrypt the
physical characteristic information such as the fingerprint data by
using the password received from the request controlling part 251
as the secret key, for example, by using an RSA algorithm.

[0336] On the other hand, the block decrypting part 264 provided in
the server-side identification equipment 102 shown in Fig. 13 may
decrypt the encrypted fingerprint data received from the
identification controlling part 263, by using the public key to
subject the restored physical characteristic information to the
identifying processing.

[0337] In this case, the cryptographic key used for generating the
authenticating information and the cryptographic key to be used for
the decryption are different. Even if the content of the password
database 261 is plagiarized by hacking the server-side
identification equipment 102, for example, the safety of the entire
remote identification system can be assured.

[0338] On the other hand, the client-side identification equipment
may be constructed to include the IC card writer in place of the
transmission controlling part 413 shown in Fig. 13, and the
server-side identification equipment may be constructed to include
the IC card reader in place of the transmission controlling part
422, so that the authenticating information may be sent and
received by manually transporting the IC card.

[0339] The invention is not limited to the above embodiments and
various modifications may be made without departing from the scope
of the invention. Any improvement may be made in part or all of the
components.

Claims 

1. A cryptographic method comprising the steps of: 

receiving physical characteristic information 
representing a characteristic inherent to an 
individual; 

randomly determining a numeric key; 
generating a cryptographic key from said 
numeric key and a predetermined primary key; 
encrypting said physical characteristic informa- 
tion using said cryptographic key; and 
generating an auxiliary code for decrypting 
said cryptographic key , from said encrypted 
physical characteristic information and said 
numeric key. 

2. A decryption method comprising the steps of: 

receiving encrypted physical characteristic 
information and an auxiliary code; 
restoring a numeric key from said received 
data; 

restoring cryptographic key from said numeric 
key and a predetermined primary key; and 
decrypting said encrypted physical characteris- 
tic information by using said cryptographic key 
and obtaining physical characteristic informa- 
tion. 

3. A cryptographic equipment, comprising: 

inputting means for inputting physical charac- 
teristic information representing a characteris- 
tic inherent to an individual; 
numeric key generating means for randomly 
determining numeric key; 
key generating means for generating a crypto- 
graphic key from said numeric key and a prede- 
termined primary key; 

encrypting means for encrypting said physical 
characteristic information using said crypto- 
graphic key; and 

code generating means for generating an aux- 
iliary code from said encrypted physical char- 
acteristic information and said numeric key. 

4. A decryption equipment comprising: 

receiving means for receiving an encrypted physical characteristic
information and an auxiliary code;

numeric key restoring means for restoring a numeric key from said
encrypted physical characteristic information and said auxiliary
code;

key generating means for generating a cryptographic key from said
numeric key and a predetermined primary key; and

decrypting means for decrypting said encrypted physical
characteristic information by using said cryptographic key.

5. A storage media for storing a program to be executed by a
computer, comprising:

a inputting procedure for inputting physical characteristic
information representing a characteristic inherent to an
individual;

a numeric key generating procedure for randomly determining a
numeric key;

a key generating procedure for generating a cryptographic key from
said numeric key and a predetermined primary key;

an encrypting procedure for encrypting said physical characteristic
information using said cryptographic key; and

a code generating procedure for generating an auxiliary code from
said encrypted physical characteristic information and said numeric
key.

6. A storage media for storing a program to be executed by a
computer, comprising:

a receiving procedure for receiving a cryptogram including an
encrypted physical characteristic information and an auxiliary
code;

a numeric key restoring procedure for restoring a numeric key from
said encrypted physical characteristic information and said
auxiliary code;

a key generating procedure for generating a cryptographic key from
said numeric key and a predetermined primary key; and

a decrypting procedure for decrypting said encrypted physical
characteristic information by using said cryptographic key.

7. A cryptographic method comprising the steps of:

receiving physical characteristic information representing a
characteristic inherent to an individual;

arithmetically converting each component of said physical
characteristic information by using a predetermined function
concerning said each component and a plurality of components having
a predetermined relationship with said each component, to scramble
said physical characteristic information; and

encrypting the scrambled physical characteristic information by
using the predetermined cryptographic key.

8. A decryption method comprising the steps of:

receiving a cryptogram which is an encryption of scrambled physical
characteristic information;

decrypting said cryptogram by using the predetermined cryptographic
key and obtaining said scrambled physical characteristic
information; and

descrambling said scrambled physical characteristic information by
removing each element from each component constructing the result
of decryption, in which each element is effected at the time of
scrambling, by a plurality of components that has a predetermined
relationship with said each component.

9. A cryptographic equipment comprising:

inputting means for inputting physical characteristic information
representing a characteristic inherent to an individual;

scrambling means for arithmetically converting each component of
said physical characteristic information by using a predetermined
function concerning said each component and a plurality of
components having a predetermined relationship with said each
component, to scramble said physical characteristic information;
and

encrypting means for encrypting the scrambled physical
characteristic information by using the predetermined cryptographic
key.

10. A decryption equipment comprising decrypting means for
decrypting a received cryptogram which is an encryption of a
scrambled physical characteristic information, by a predetermined
cryptographic key and obtaining said scrambled physical
characteristic information and

descrambling means for descrambling said scrambled physical
characteristic information.



11. A storage media for storing a program to be executed by a
computer, comprising:

a inputting procedure for inputting physical characteristic
information representing a characteristic inherent to an
individual;

a scrambling procedure for arithmetically converting each component
of said physical characteristic information by using a
predetermined function concerning said each component and a
plurality of components having a predetermined relationship with
said each component, to scramble said physical characteristic
information; and

an encrypting procedure for encrypting the scrambled physical
characteristic information by using the predetermined cryptographic
key.

12. A storage media for storing a program to be executed by a
computer, comprising a decrypting procedure for decrypting a
received cryptogram which is an encryption of a scrambled physical
characteristic information, by a predetermined cryptographic key
and obtaining said scrambled physical characteristic information
and

a descrambling procedure for descrambling said scrambled physical
characteristic information.

13. A remote identification system comprises a client-side
equipment and server-side equipment, wherein:

said client-side equipment comprising inputting means for inputting
physical characteristic information representing a characteristic
inherent to an individual;

proof information inputting means for inputting information
including identifier or identifying an individual and a password;

encrypting means for encrypting said physical characteristic
information using said password as a cryptographic key and
outputting a cryptogram; and

outputting means for outputting authenticating information
generated from said cryptogram and said identifier;

said server-side equipment comprising registering means for
registering password and reference data which is obtained by
measuring a physical characteristic corresponding to each
individual, relating to given identifier corresponding to each
person;

receiving means for receiving authenticating information consisting
of said cryptogram and said identifier;

retrieving means for retrieving a relating password and reference
data from said registering means in accordance to received
identifier;

decrypting means for decrypting said received cryptogram by using
the password retrieved by said retrieving means as a cryptographic
key and obtaining a physical characteristic information; and

examining means for examining whether or not said physical
characteristic information and retrieved reference data are
equivalent.



14. A data sending equipment comprising:

inputting means for inputting physical characteristic information representing a characteristic inherent to each individual;
proof information inputting means for inputting information including identifier or identifying an individual and a password;
encrypting means for encrypting said physical characteristic information using said password as a cryptographic key and outputting a cryptogram; and
outputting means for outputting authenticating information generated from said cryptogram and said identifier.

15. An identifying equipment comprising:

registering means for registering password and reference data which is obtained by measuring a physical characteristic corresponding to each individual, relating to given identifier corresponding to each person;
receiving means for receiving authenticating information consisting of said cryptogram and said identifier;
retrieving means for retrieving a relating password and reference data from said registering means in accordance to received identifier;
decrypting means for decrypting said received cryptogram by using the password retrieved by said retrieving means as a cryptographic key and obtaining a physical characteristic information; and
examining means for examining whether or not said physical characteristic information and retrieved reference data are equivalent.
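
The scramble-then-encrypt and decrypt-then-descramble procedures of claims 11 and 12, as an added Python example that is not code from the patent. The mixing function, the SHA-256 keystream used as a stand-in cipher, `KEY` and `SAMPLE` are assumptions made for illustration; the claims leave the function and the cipher unspecified.

```python
import hashlib

KEY = b"constructed-demo-key"   # constructed; stands in for the predetermined key
SAMPLE = bytes(range(40, 56))   # constructed 16-component feature vector

def scramble(info: bytes) -> bytes:
    """Assumed mixing function: each component plus its two predecessors, mod 256."""
    a = bytearray(info)
    if len(a) < 3:
        raise ValueError("need at least 3 components")
    # High to low, so for i >= 2 both predecessors are still unscrambled
    # (indices -1 and -2 wrap around to the end of the vector).
    for i in range(len(a) - 1, -1, -1):
        a[i] = (a[i] + a[i - 1] + 2 * a[i - 2]) % 256
    return bytes(a)

def descramble(data: bytes) -> bytes:
    """Inverse of scramble(); each step consumes values restored just before it."""
    a = bytearray(data)
    for i in range(len(a)):
        a[i] = (a[i] - a[i - 1] - 2 * a[i - 2]) % 256
    return bytes(a)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)

def damaged_components(info: bytes, use_scramble: bool, pos: int = 0, bit: int = 0x01) -> int:
    """Flip one cryptogram bit in transit; count components that decrypt wrongly."""
    plain = scramble(info) if use_scramble else info
    crypt = bytearray(keystream_xor(KEY, plain))
    crypt[pos] ^= bit
    out = keystream_xor(KEY, bytes(crypt))
    if use_scramble:
        out = descramble(out)
    return sum(x != y for x, y in zip(out, info))

if __name__ == "__main__":
    print("without scrambling:", damaged_components(SAMPLE, False))
    print("with scrambling:   ", damaged_components(SAMPLE, True))
```

With this single-pass function, a flip at a position `pos` below `len(info) - 2` damages exactly the components from `pos` to the end, so alterations near the start spread furthest.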